> -----Original Message----- > From: Kai [mailto:[EMAIL PROTECTED] > Sent: Tuesday, February 03, 2004 5:52 PM > To: [EMAIL PROTECTED] > Subject: Re: [OT} RE: SA Blacklists > > > On 2/2/2004 at 7:29 PM, "Rose, Bobby" <[EMAIL PROTECTED]> wrote: > > > I use it but good luck with his URI blacklist. It's huge > and I had slow > > performance using it. > > > Check out the RulesDuJour script on http://www.exit0.us/index.php > > > -----Original Message----- > > From: Jon [mailto:[EMAIL PROTECTED] > > Sent: Monday, February 02, 2004 7:28 PM > > To: [EMAIL PROTECTED] > > Subject: Re: SA Blacklists > > > Here's a little more, in short: > > > This is a list of domains, hosts, and IP addresses used by spammers. > [...] > > > Jon > > "rules du jour" kind of sums this up: the concept of > centrally administering > a list of fast- and ever-changing spammer resources (domains, > IP ranges) in > this fashion does not scale. > > - If your list gets too popular, your servers will be > targeted with DoS attacks, > whether that's by IP traffic or cease&desist letters > purporting to be > "permissible legal assault" does not make a difference. > - Got "Slow performance" now? You expect this list to grow, don't you? > > For a real solution, look no further than > http://bugzilla.spamassassin.org/show_bug.cgi?id=1375 , > > which has an experimental patch by Florian Klein that does > DNSBL lookups > against hostnames contained in URL/URI's. At least one comment (#7) > explains the scaling issue - and also suggests creating a DNSBL that > lists domains for purposes of blacklisting. I personally prefer to > list by network number and/or ASN - it scales much better. > > I encourage people to apply the posted patch - and read the detailed > discussion in the bugzilla ticket - 70% positive hit rate on incoming > spam by querying SPEWS and SBL alone is probably the best single-case > rule so far. > > bye,Kai > > > -- > "Just say No" to Spam Kai > Schlichting > New York, Palo Alto, You name it Sophisticated > Technical Peon > Kai's SpamShield <tm> is FREE!
Take it from someone who knows, Kai has it correct. This is the way to go. Hopefully future RBLs like spamcop will pull out URLs into a seperate list. This would raise the hit ratio above 70%. SImply because some hosting domains are never used to send spam. My Bigevil.cf was spawn out of frustration. It started like Stearns list but I quickly realised this effort is semi futile. With DNSRBLs and Bigevil, we get almost zero spams sneaking thru. When this is all automated via RBLs it will rock. I'm so looking forward to this. "Sophisticated Technical Peon" and "REALYHARDMATH" Hah!!! :) --Chris
