I have been doing something similar to what you're doing, Bill.
I've been analyzing the spam traffic that arrives on my local servers and where I locate that the originating server's IP looks like it belongs to a block assigned to dial-ups, DSL, cable or similar patterns, I blacklist an entire block proactively.
So far, I've encountered one false-positive due to a typo by me. It was reported by a tech-savvy friend so I fixed that one.
I'm curious what amount of false positives you have been receiving. Do people contact you when they receive the blacklist error? Or does mail get lost when a false positive is encountered?
Any experiences you can share?
My situation is somewhat unusual. I used to support SIMS setups for a number of clients, but that's all past and at this point the only SIMS system I run is my own server that handles scconsult.com. There are fewer than a dozen SIMS accounts (including role accounts) and a huge spam exposure for my own main address, for one other current user, for 'postmaster' (unwisely given to Network Solutions about 9 years ago), and for some spamtraps. The tiny user population and the high spam load warp my decisions in ways that are likely to not be useful for people running larger domains with narrower spam exposure. I get little legitimate email from the large consumer ISPs, because they
I am having a few identifiable false positives every month, and probably a few I do not recognize, but the spam volume here means that even at that pace (which I consider on the upper edge of tolerability) something on the order of 1 in 10,000 rejections of mail is of legitimate mail. For the most part, I hear about false positives where the sender is someone already well-known to the recipient but people who try mailing a user here in response to public postings (i.e. mailing lists like this, Usenet, etc.) or web pages are likely to go unnoticed. I try to minimize that by having patterned tagged addresses for all users that are whiteholed, so that most published addresses for scconsult.com users are tagged and when individual tagged addresses get spammed I switch them to traps.
The volume of rejections here has grown so large that I can no longer review them in any sort of detail, as I could just a couple of years ago. I do review the rejections with tools that I think let me see all of the false positive candidates, and it is just a handful that look possible per month. I look for anything arriving from machines who HELO credibly to real accounts, blocked by my local blacklist, which is really the only likely source of excessive blocking. That yields a small enough collection that I can review them, and it is rare that I see something that doesn't scream spam.
--
Bill Cole [EMAIL PROTECTED]
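
The review filter described in the reply above (rejections caused by the local blacklist, from hosts with a credible HELO, addressed to real accounts), as an added example that is not part of the original message. The log layout, the domain, the account list and the definition of a "credible" HELO are all assumptions made for illustration.

```python
import re

LOCAL_DOMAIN = "example.com"            # hypothetical local mail domain
REAL_ACCOUNTS = {"bill", "postmaster"}  # hypothetical deliverable local parts

# Constructed rejection log; this field layout is an assumption, not SIMS's format.
SAMPLE_LOG = """\
2006-03-01T10:00:01 ip=192.0.2.10 helo=mail.example.org rcpt=bill@example.com reason=local-blacklist
2006-03-01T10:00:05 ip=198.51.100.77 helo=[198.51.100.77] rcpt=bill@example.com reason=local-blacklist
2006-03-01T10:00:09 ip=203.0.113.5 helo=dsl-203-0-113-5.pool.example.net rcpt=postmaster@example.com reason=local-blacklist
2006-03-01T10:00:12 ip=192.0.2.44 helo=mx.example.com rcpt=bill@example.com reason=local-blacklist
2006-03-01T10:00:20 ip=192.0.2.80 helo=smtp.example.net rcpt=nosuchuser@example.com reason=local-blacklist
2006-03-01T10:00:31 ip=192.0.2.90 helo=relay.example.net rcpt=bill@example.com reason=dnsbl
"""

LINE_RE = re.compile(r"\S+ ip=(?P<ip>\S+) helo=(?P<helo>\S+) rcpt=(?P<rcpt>\S+) reason=(?P<reason>\S+)")
HOST_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$")

def helo_is_credible(helo, client_ip):
    """Assumed heuristic: a real-looking FQDN that is neither ours nor address-derived."""
    name = helo.lower().rstrip(".")
    if not HOST_RE.match(name):
        return False  # IP literals, bare words, malformed names
    if name == LOCAL_DOMAIN or name.endswith("." + LOCAL_DOMAIN):
        return False  # remote host claiming to be the local domain
    digits = re.findall(r"\d+", name)
    # Names embedding every octet of the client IP look like generic dial-up/DSL pool names.
    return not all(octet in digits for octet in client_ip.split("."))

def false_positive_candidates(log_text):
    """Return rejections worth a manual look, in log order."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["reason"] != "local-blacklist":
            continue  # only local-blacklist rejections are reviewed here
        local, _, domain = m["rcpt"].lower().rpartition("@")
        if domain != LOCAL_DOMAIN or local not in REAL_ACCOUNTS:
            continue  # mail to nonexistent users is not a false positive
        if helo_is_credible(m["helo"], m["ip"]):
            hits.append(m.groupdict())
    return hits

if __name__ == "__main__":
    for hit in false_positive_candidates(SAMPLE_LOG):
        print(hit["ip"], hit["helo"], hit["rcpt"])
```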
