RMilner,
I was not trying to grandstand, just to help and pass along my personal
experience with how well the product works. It's not like I am doing any of
the actual work on these RBLs. I am extremely grateful that these things
exist. I DID spend hundreds of hours checking over tagged messages for false
positives by hand though. I listed some of the lists in my previous post.
Will try attaching a copy of my spamblkm.txt file with this message. In case
that doesn't come through correctly though, below are the ones that I
personally use.
sbl.spamhaus.org
bl.spamcop.net
relays.ordb.org
spam.dnsrbl.net
dnsbl.njabl.org
dnsbl.sorbs.net
proxies.relays.monkeys.com
antispam.or.id
spews.bl.reynolds.net.au
inflow.blackholes.us
msgid.bl.gweep.ca
chinanet.blackholes.us
I came to choose these by going to http://www.moensted.dk/spam/ and checking
the individual websites of each of the lists that I chose for info on what
they actually list. I also had Osirus on my list, until last week. They were
a pretty good blacklist, and will definitely be missed. I think that my key
approach towards choosing blacklists is to never go with one that lists
entire, large ISPs (like five-ten does) or to add ones that simply duplicate
what another list is doing. For example, if I had two separate blacklists of
nothing but the same open proxies, that would throw things off. Each of
these lists is unique in its own way, and that is what has allowed me to
strike a good enough balance in order to trust the "three strikes, and
you're deleted" rule.
Other people's needs will definitely be different than mine. The amount of
mail going through my servers is relatively small compared to most others as
well. Only several thousand each day. I do believe that anyone can benefit
from finding the right mix of lists for THEIR particular situation though,
and experimenting on how many RBL "hits" it takes until you can safely
delete. I have never had a false positive on my own server that matched
three of the above servers. In fact, for the past two weeks of monitoring I
have not gotten any false positives with even TWO lists (except when Osirus
kept listing EVERYTHING as being blacklisted!). I am sticking with three for
most of my clients though. Some are even at four. Everyone can find some
middle ground to compromise at though, and if chosen correctly, you would
have a very difficult time getting legit e-mail caught by FOUR different
lists.
Your mileage may vary. I am extremely pleased with the results I have gotten
though. Again, the credit should go to the people who run these lists and
Ipswitch for (finally) implementing this valuable feature. It does take a
lot of work to strike the right balance, but it is worth it in my opinion.
One last WARNING!!! DO NOT ADD chinanet.blackholes.us IF YOU EXPECT TO
RECEIVE -ANY- LEGITIMATE E-MAILS FROM MAINLAND CHINA!!! Personally, I don't.
Hong Kong, maybe. They are not on this list though, as all e-mail addresses
there end in .hk, not .cn.
William Van Hefner
System Administrator
TheDigest.Com/TelCompare.Com
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of RMilner
> Sent: Thursday, September 04, 2003 5:04 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] Other Spam options
>
>
>
> You give us 2 very long paragraphs of how you have the near perfect setup
> with ZERO false positives and is working great....but you don't tell us
> which RBLs you are using to get those results.
>
> The RBLs you are using to get those results would be nice, otherwise an
> email like this is just grand standing and serves no purpose, imho.
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of William Van Hefner
> Sent: Thursday, September 04, 2003 4:52 PM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum] Other Spam options
>
>
> Whoa,
>
> I have Imail set up so that it deletes any spam that is listed on 3 or more
> blacklists, which do not generally overlap unless there is actual spamming
> activity going on. I had these messages tagged within the headers for over a
> month before I decided to start sending them to the NUL folder, and had not
> received a SINGLE false positive from any e-mail that had been included on
> 3+ lists. For my more conservative hosting customers I have set the limit to
> 4, prior to deletion. I certainly would not trust any single RBL for the
> decision as to whether or not to delete.
>
> As long as you are not using overly zealous blacklist services such as XBL
> or Five-Ten (who blacklist ANY e-mail coming from Yahoo.Com, for example), I
> believe, and know from extensive testing that such tests constitute a more
> than reasonable detection system. My only complaint is that it does not
> catch ENOUGH spam. It has never produced a single false positive though.
> Just choose your RBL's wisely and do a lot of testing first. Anyone who is
> using a provider that is on 3-4 blacklists is going to have all their mail
> blocked by AOL and many other ISPs as well. Blacklists are not the only
> method you should use to test spam, but it is the best first line of
> defense, I have found. You can't tell me or my subscribers that they do not
> work, nor that such a system traps a number even as high as .1% as false
> positives. Like I said, for over a month, using this system produced NONE.
>
>
> William Van Hefner
> System Administrator
> TheDigest.Com/TelCompare.Com
>
>
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of Matt Robertson
> > Sent: Thursday, September 04, 2003 9:39 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: [IMail Forum] Other Spam options
> >
> >
> > http://www.declude.com/junkmail/support/ip4r.htm
> >
> > As has been mentioned before what you use depends on your spam profile.
> >
> >
> > Since Imail doesn't have a weighting system, and kills any matches with
> > a single ding, I would use blacklists with *extreme* caution, given the
> > high percentages of false positives you can expect.
> >
> > Personally I don't use them at all inside of Imail and regard this
> > portion of its anti-spam as unsafe to use for this reason.
> >
> > --------------------------------------------
> > Matt Robertson [EMAIL PROTECTED]
> > MSB Designs, Inc. http://mysecretbase.com
> > --------------------------------------------
> >
> > .
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Glenn Bullion
> > Sent: Thursday, September 04, 2003 7:36 AM
> > To: [EMAIL PROTECTED]
> > Subject: [IMail Forum] Other Spam options
> >
> >
> > More and more spam is coming through our server, yet I have made no
> > changes to our spam settings. It worked very nicely for a while, and
> > judging from the size of the spam box, it's still working. I guess the
> > spammers are just getting smarter. The only changes I can really think
> > of making is adding more blacklists. Can anyone recommend some decent
> > blacklists besides the ones already configured in Imail?
> >
> >
> > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
>
# NAME            SERVER  DOMAIN TO QUERY              TYPE  ENABLED  TCPFIRST
spamhaus          *       sbl.spamhaus.org             D     T        F
SpamCop           *       bl.spamcop.net               D     T        F
ORDB-RELAYS       *       relays.ordb.org              D     T        F
DNSRBL            *       spam.dnsrbl.net              D     T        F
NJABL             *       dnsbl.njabl.org              D     T        F
SORBS             *       dnsbl.sorbs.net              D     T        F
MONKEYS-PROXIES   *       proxies.relays.monkeys.com   D     T        F
ORID              *       antispam.or.id               D     T        F
reynoldsSPEWS     *       spews.bl.reynolds.net.au     D     T        F
INFLOW            *       inflow.blackholes.us         D     T        F
scaryDEVIL        *       msgid.bl.gweep.ca            D     T        F
chinaNET          *       chinanet.blackholes.us       D     T        F
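
Added example, not part of the original thread and not IMail's or Ipswitch's code: a sketch of the "three strikes" policy discussed above, reading zones from a file in the column layout of the spamblkm.txt header, building the usual reversed-octet DNSBL lookup name, and deleting only when enough lists agree. The function names, the "tag"/"deliver" outcomes below the threshold, and the reading of the ENABLED column as T = on are assumptions; the sample config is constructed.

```python
import ipaddress
import socket

# Constructed sample in the column layout of the spamblkm.txt header above.
SAMPLE_CONFIG = """\
# NAME  SERVER  DOMAIN TO QUERY  TYPE  ENABLED  TCPFIRST
spamhaus  *  sbl.spamhaus.org  D  T  F
SpamCop   *  bl.spamcop.net    D  T  F
NJABL     *  dnsbl.njabl.org   D  T  F
SORBS     *  dnsbl.sorbs.net   D  F  F
"""

def enabled_zones(config_text):
    """Return the DNSBL zones whose ENABLED column is 'T' (assumed meaning)."""
    zones = []
    for line in config_text.splitlines():
        fields = line.split()
        # Skip comments, the header row and anything without six columns.
        if len(fields) != 6 or fields[0].startswith("#"):
            continue
        if fields[4].upper() == "T":
            zones.append(fields[2])
    return zones

def dnsbl_name(ip, zone):
    """Build the lookup name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def hits(ip, zones, resolve=system_resolver):
    """List the zones that answer with a 127.x.x.x address for this IP."""
    listed = []
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        if answer and answer.startswith("127."):  # other answers are ignored
            listed.append(zone)
    return listed

def verdict(ip, zones, threshold=3, resolve=system_resolver):
    """Delete only when at least `threshold` lists agree (assumed labels)."""
    n = len(hits(ip, zones, resolve))
    return "delete" if n >= threshold else ("tag" if n else "deliver")
```

Passing a stub as `resolve` lets the threshold be tried against recorded results before any mail is actually deleted.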