Yeah, after Scott's reply I set up a couple of tests using HELO & REVDNS to see what the results would be like. I'll monitor for a few days to see how they look, but so far I am seeing pretty good results.

Bill

----- Original Message -----
From: "Matt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, December 17, 2004 3:08 PM
Subject: Re: [Declude.JunkMail] mailpolice

> I test the MAILFROM, HELO and REVDNS on the primary list, and the
> increase in hit rates for using an RHSBL this way is about 1% to 2% on
> my system if I recall correctly.
>
> I also use the dynamic zone, but I have only applied it to the HELO
> because I found false positives early on while using it with REVDNS
> where they were tagging legitimate mail servers, and the patterns should
> have been detected as unreliable by whoever entered them. This works
> with a wildcard at only one end of the entry and is capable of only a
> single pattern match, and therefore it is limited. I decided to
> supplement my own DUL hits with custom filters built to tag single as
> well as multiple patterns necessary for proper identification.
>
> The idea of using it as a HELO test is designed to catch zombies, and I
> weight it low due to the false positives with mail servers, but add
> extra points when it combos with a DUL hit.
>
> Matt
>
> Scott Fisher wrote:
> > dynamic.rhs.mailpolice.com - dynamic PPP/DSL/cable reverse DNS hostnames,
> > useful for stopping spam from broadband proxies
> >
> > Because it targets the RevDNS is why I use the dnsbl with the revdns. I also
> > test the HELO
> >
> > revdns 97.6% spam 3539/52891 emails
> > helo 99.7% spam 2612/52891 emails
> > combo of the above 98.2% spam 3556/52891 emails
> >
> > When I rhsbl the dynamic I would get too many false positives.
> > I never got a hit off the fraud list so I stopped using it.
> >
> > ----- Original Message -----
> > From: "Bill Landry" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Friday, December 17, 2004 9:28 AM
> > Subject: Re: [Declude.JunkMail] mailpolice
> >
> > ----- Original Message -----
> > From: "Scott Fisher" <[EMAIL PROTECTED]>
> >
> > You can also use their rev dns list:
> > MAILPOLICE-REVDNS dnsbl %REVDNS%.dynamic.rhs.mailpolice.com 127.0.0.2 50 0
> >
> > Hmmm, do you actually catch anything with this test? And why would you go
> > through the trouble of setting it this way? Since this is a classic RHS
> > test, why wouldn't you just set it up like:
> >
> > MAILPOLICE-DYNA rhsbl dynamic.rhs.mailpolice.com 127.0.0.2 5 0
> >
> > They also have a fraud list that will help catch phish type e-mails:
> >
> > MAILPOLICE-FRAUD rhsbl fraud.rhs.mailpolice.com 127.0.0.2 5 0
> >
> > Bill
> >
> > ---
> > [This E-mail was scanned for viruses by Declude Virus
> > (http://www.declude.com)]
> >
> > ---
> > This E-mail came from the Declude.JunkMail mailing list. To
> > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> > type "unsubscribe Declude.JunkMail". The archives can be found
> > at http://www.mail-archive.com.
> >
> > --
> > =====================================================
> > MailPure custom filters for Declude JunkMail Pro.
> > http://www.mailpure.com/software/
> > =====================================================
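
An added sketch, not part of the thread and not Declude's own code, of what the lookups discussed above amount to: the HELO or reverse DNS hostname is prepended to the zone and an answer of 127.0.0.2 counts as a hit, with a low HELO weight plus a bonus when it combines with a DUL hit. The weights, hostnames and the `fake` resolver are constructed for illustration.

```python
import ipaddress
import socket

ZONE = "dynamic.rhs.mailpolice.com"  # zone named in the thread
LISTED = "127.0.0.2"                 # answer the thread's test lines match on
# Constructed weights: low HELO weight, REVDNS weight, bonus for HELO hit + DUL hit.
W_HELO, W_REVDNS, W_COMBO = 2, 5, 3

def rhsbl_name(hostname, zone=ZONE):
    """Return '<hostname>.<zone>', or None when there is no usable hostname."""
    host = (hostname or "").strip().strip("[]").rstrip(".").lower()
    if not host or "." not in host:
        return None                   # empty or unqualified name: nothing to look up
    try:
        ipaddress.ip_address(host)    # address-literal HELO: an RHSBL is keyed on names
        return None
    except ValueError:
        return f"{host}.{zone}"

def dns_lookup(name):
    """Resolve A records; NXDOMAIN or a resolver failure is treated as not listed."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except (OSError, UnicodeError):
        return set()

def is_listed(hostname, resolve=dns_lookup):
    name = rhsbl_name(hostname)
    return name is not None and LISTED in resolve(name)

def score(helo, revdns, dul_hit, resolve=dns_lookup):
    """Weight added for one message, plus the names of the tests that fired."""
    total, fired = 0, []
    if is_listed(helo, resolve):
        total += W_HELO
        fired.append("HELO")
        if dul_hit:                   # the combo described in the thread
            total += W_COMBO
            fired.append("HELO+DUL")
    if is_listed(revdns, resolve):
        total += W_REVDNS
        fired.append("REVDNS")
    return total, fired

# Constructed zone data standing in for DNS so the example runs offline.
FAKE_ZONE = {f"dsl-7.pool.example.net.{ZONE}": {LISTED}}

def fake(name):
    return FAKE_ZONE.get(name, set())

if __name__ == "__main__":
    print(score("dsl-7.pool.example.net", "dsl-7.pool.example.net", True, fake))
    print(score("mail.example.org", "mail.example.org", False, fake))
```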