My thinking is why not add them to an RBL if they have sent a virus in the past week or two.
Even if it is a "legitimate" mail server, I cannot think of any reason to trust it if it does not have functioning antivirus software running.

I tried this. Turns out a shocking number of ISPs and businesses don't bother running AV software on their outbound servers and just blindly relay their users' mail.

If you blacklist IPs based simply on if they've sent you a worm, then you'll likely be blocking a lot of legit mail as well. I was just doing this as an input to a greylisting system (send me a worm and get greylisted for an hour, send mail to too many bad addresses and get greylisted, etc.) and I *still* had a whole pile of complaints from my users. :-( I tried maintaining a whitelist, but eventually gave it up as a bad job.

Sticking with SBL-XBL, at least I can be fairly certain that if an ISP or business gets themselves blacklisted, they'll find out in short order and get themselves removed. The same isn't really true if you're running a local blacklist--I shudder to think what would have happened if I'd blacklisted and bounced the mail, rather than just delaying it....

YMMV, but I'd expect a rough ride with plenty of whitelist-patched potholes.

NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
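
A minimal model of the delay-instead-of-bounce approach described in the reply above, added here as an example; it is not code from the post or from MIMEDefang. The one-hour hold comes from the post, while the bad-recipient threshold, its counting window, the class and method names, and the reply text are assumptions.

```python
import time
from collections import defaultdict, deque

HOLD_SECONDS = 3600        # "greylisted for an hour", as in the post
BAD_RCPT_LIMIT = 5         # assumed threshold; the post gives no number
BAD_RCPT_WINDOW = 600      # assumed counting window in seconds


class PenaltyGreylist:
    """Tracks client IPs that must be deferred (4xx), never rejected (5xx)."""

    def __init__(self, whitelist=()):
        self.whitelist = set(whitelist)
        self.held_until = {}                  # ip -> epoch when the hold ends
        self.bad_rcpts = defaultdict(deque)   # ip -> times of unknown recipients

    def _hold(self, ip, now):
        # Whitelisted relays are never held, even if they forward a worm.
        if ip not in self.whitelist:
            self.held_until[ip] = max(self.held_until.get(ip, 0), now + HOLD_SECONDS)

    def report_worm(self, ip, now=None):
        """Call when the scanner finds a worm in a message from ip."""
        self._hold(ip, time.time() if now is None else now)

    def report_bad_rcpt(self, ip, now=None):
        """Call for each RCPT TO that names a nonexistent local address."""
        now = time.time() if now is None else now
        seen = self.bad_rcpts[ip]
        seen.append(now)
        while seen and seen[0] <= now - BAD_RCPT_WINDOW:
            seen.popleft()                    # forget events outside the window
        if len(seen) >= BAD_RCPT_LIMIT:
            self._hold(ip, now)

    def check(self, ip, now=None):
        """Return the SMTP reply for a new connection from ip."""
        now = time.time() if now is None else now
        until = self.held_until.get(ip, 0)
        if now < until:
            # Temporary failure: a real MTA queues and retries, so mail is delayed, not lost.
            return "451 4.7.1 Temporarily deferred, retry in %d s" % (until - now)
        self.held_until.pop(ip, None)         # hold expired, drop the entry
        return "250 OK"
```

Because every hold expires on its own and the reply is a 4xx, a misclassified legitimate relay costs its senders a delay rather than a bounce, which is the difference the reply draws against a local blacklist.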
