Thanks for the response Dianne. Rule-based systems like spamassassin make room for false positives from any one of the rules. For instance , a blacklist can have a false positive, but there may be other rules which may not agree with the blacklist. An ensemble of such rules allows make spamassassin to be more accurate.
In case of non-rule based systems like firewall, an inaccurate blacklist can prove costly when the firewall drops legitimate traffic based on inaccurate blacklists. I was reading about graylists on cisco firewalls <https://www.cisco.com/c/en/us/td/docs/security/security_management/cisco_security_manager/security_manager/4-1/user/guide/CSMUserGuide_wrapper/fwbotnet.pdf>, where the network operators could use the graylists to generate alerts to the operator to act upon. A network operator can treat a third-party blacklist as a graylist and generate alerts. Is this common? On Tue, Aug 15, 2017 at 12:24 PM, Dianne Skoll <d...@roaringpenguin.com> wrote: > On Tue, 15 Aug 2017 12:02:23 -0500 > Shivram Krishnan <rorryk...@gmail.com> wrote: > > > Thanks for the response Bill. I have got a couple of responses from > > this group, which agree with what you are saying - they have their > > own custom techniques to prevent spam and reduce false positives. If > > thats the case, who uses third-party generated blacklists? > > I think you'll find a lot of people use them. My instincts tell me the > userbase falls into three sets of administrators: > > 1) Admins of large organizations that can afford reputable lists like > Spamhaus, > etc. and use them. > > 2) Admins of tiny mail servers who are highly aggressive and use > blacklists like kids popping candy and who don't care overly-much > about false positives. > > 3) Admins of small to medium organizations who use commercial > anti-spam filters or commercial email hosts that make use of > blacklists by default, and who probably don't really understand the > ramifications of using blacklists. > > My $0.02: Blacklists can be useful, but I would never reject based solely > on an IP being blacklisted. Also, I don't use third-party blacklists, > though > I do use a set of DNSBLs that my company controls. > > Regards, > > Dianne. >
