> From: Gary Mills <[EMAIL PROTECTED]>

> We are using Spamhaus' XBL, and are happy to pay for it.

Since you are already using the XBL, I think you should switch to Spamhaus' ZEN unless you are checking the XBL via dccm, dccproc, or dccifd. Even if you are using `dccm -B`, you should enable ZEN checks on SMTP clients and on MX servers for SMTP envelope domains with something like this in /var/dcc/dcc_conf

    DNSBL_ARGS="'-Bset:rej-msg=5.7.1 550 %ID %BT http://www.spamhaus.org/query/bl?ip=%BIP' -Bsbl-xbl.spamhaus.org -Bset:no-NS -Bzen.spamhaus.org"

That is because ZEN/PBL includes IP addresses of legitimate DNS servers and so should not be used for the default dccm, dccproc, or dccifd DNSBL checks on NS records.

> What I'm
> looking for now is something that rates domain names by reputation.
> Spamhaus was working on such a database, but I haven't heard anything
> about that for some time. My main concern is to stop the phishing
> messages that rely on forged sender addresses.

An anti-phishing domain name reputation service is a hard problem, because the bad guys continually create floods of new names and work hard to cover their tracks. Listing bad domains soon enough to help or even before the bad guys have abandoned them would be hard.

The bad guys also vary ("fast flux") the IP addresses of their SMTP clients, HTTP servers, and even leaf DNS servers, but they are generally constrained to IP addresses listed in Spamhaus' ZEN/PBL and they cannot change their IP addresses in the gTLDs as quickly. I see lots of hits by the dccm checks of NS records. Body checks of URLs (including NS RRs) are also quite effective.

Vernon Schryver [EMAIL PROTECTED]
_______________________________________________
DCC mailing list [email protected]
http://www.rhyolite.com/mailman/listinfo/dcc
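
The per-role policy expressed by the DNSBL_ARGS line in the message above, as an added Python sketch that is not part of the original message and is not DCC code. It assumes `-Bset:no-NS` applies to the zone that follows it; the function names, the `check_ns` flag and the resolver data are constructed for illustration.

```python
import ipaddress

# Zones from the DNSBL_ARGS line; check_ns=False models -Bset:no-NS before ZEN
# (assumption: the setting applies to the zone listed after it).
ZONES = [
    {"zone": "sbl-xbl.spamhaus.org", "check_ns": True},
    {"zone": "zen.spamhaus.org", "check_ns": False},
]

LISTING_RANGE = ipaddress.ip_network("127.0.0.0/24")


def query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def planned_queries(ip, role, zones=ZONES):
    """role is 'client', 'mx' or 'ns'; NS addresses skip zones marked no-NS."""
    if role not in ("client", "mx", "ns"):
        raise ValueError("unknown role: %r" % role)
    return [query_name(ip, z["zone"]) for z in zones
            if role != "ns" or z["check_ns"]]


def first_hit(ip, role, resolve, zones=ZONES):
    """resolve(name) returns a list of A records ([] for NXDOMAIN).
    Only 127.0.0.x answers count as listings in this sketch; anything else
    (for example a resolver error answer) is ignored rather than rejected on."""
    for name in planned_queries(ip, role, zones):
        for answer in resolve(name):
            if ipaddress.ip_address(answer) in LISTING_RANGE:
                return name
    return None


# Constructed resolver data: 192.0.2.10 stands for a legitimate DNS server
# whose address is listed only in the combined ZEN zone.
FAKE_DNS = {"10.2.0.192.zen.spamhaus.org": ["127.0.0.10"]}


def fake_resolve(name):
    return FAKE_DNS.get(name, [])


if __name__ == "__main__":
    for role in ("client", "mx", "ns"):
        print(role, first_hit("192.0.2.10", role, fake_resolve))
```

The same address is rejected as an SMTP client or MX server but is never queried against ZEN when it appears as a name server, which is the false positive the message warns about.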
