We are seeing a few false positives because of the SORBS filter. ##http://www.au.sorbs.net/ SORBS IP4R dnsbl.sorbs.net * 4 0 SORBS-NEW IP4R new.spam.dnsbl.sorbs.net 127.0.0.6 3 0 SORBS-RECENT IP4R recent.spam.dnsbl.sorbs.net 127.0.0.6 3 0 SORBS-NOMAIL IP4R nomail.rhsbl.sorbs.net 127.0.0.12 10 0
The false positives are verified IP addresses on the SORBS list but not the fault of the sender as the hosting IP is listed. Because SORBS is positive, they get a score of 4 and 3 and 3 (total 10) and maybe something else that pushes them over 10. (The emails typically are failing all 3 SORBS lists, not just one - I did not expect to see emails failing NEW and RECENT at the same time) This often happens in replies as the replies go back and forth the SPAM weight gets heavier or the senders IP from the hoster changes (hoster has multiple IPs, some of which might be listed - such as Office365 users) My question: I have lowered the weight on SORBS-NEW and SORBS-RECENT to only 1 point each so that if all three filters fail they only get a score of 6. Is this what we should do or should we only use the SORBS bl and not use SORBS-NEW or RECENT? Any recommendations? We are basing this on the fact that if the email is truly SPAM, other filters will give the additional weight so SORBS need only be a few points. Tina Cline 270net Technologies
