On Sat, 12 Aug 2006, John Rudd wrote:

> If someone does make a Registrar RBL and a Name Server RBL (both
> of which are good ideas), _PLEASE_ do something like this:
>
> a) have two lists for each RBL, one which has the above "kill the
> bystanders" point of view, and one which is much more conservative
> in its listing policies.

By listing policies I suppose you mean how offensive a registrar has to be to be put on the list. Can anyone suggest guidelines to use to make this decision?

> b) have an RBL which returns different values for different
> confidence levels. Something like a percentage of known spammers
> are on that specific provider. So, if a registrar is 60% spammers
> and 40% bystanders, it will return "60"... and I can choose to
> only block those who have a 99% or higher rating, or something.
> This would also, hopefully, allow SA to give different score
> values to different ratings.

127.0.0.1 ... 127.0.0.100 perhaps? How would a rule to score points based on the returned IP look?

Can/does SA cache the returned IP and test it in multiple rules without making multiple DNS queries?

--
 John Hardin KA7OHZ    ICQ#15735746    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 Taking my gun away because I *might* shoot someone is like cutting
 my tongue out because I *might* yell "Fire!" in a crowded theater.
 -- Peter Venetoklis
-----------------------------------------------------------------------
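The graded return-code idea discussed above, as an added example that is not part of the original message and is not SpamAssassin code or rule syntax: it decodes a 127.0.0.1 ... 127.0.0.100 answer into a percentage and lets several tiered rules share one cached lookup. The zone name, registrar keys, rule names, scores and the injected resolver are all assumptions made for illustration.

```python
import ipaddress

def decode_confidence(answer):
    """Map an A record in 127.0.0.1..127.0.0.100 to a percentage, else None."""
    try:
        octets = ipaddress.IPv4Address(answer).packed
    except ValueError:
        return None
    # Anything outside the agreed range (wildcard DNS, a hijacked resolver,
    # a list that has shut down and answers everything) counts as "not listed".
    if octets[:3] != b"\x7f\x00\x00" or not 1 <= octets[3] <= 100:
        return None
    return octets[3]

class ConfidenceRBL:
    """One DNS query per key; every rule afterwards reads the cached result."""
    def __init__(self, zone, resolver):
        self.zone = zone
        self.resolver = resolver   # callable(name) -> A record string, or None
        self.cache = {}
        self.queries = 0

    def lookup(self, key):
        if key not in self.cache:
            self.queries += 1
            answer = self.resolver(f"{key}.{self.zone}") or ""
            self.cache[key] = decode_confidence(answer)
        return self.cache[key]

# Hypothetical tiered rules: (name, minimum percentage, score). Scores add up.
RULES = [("REGISTRAR_RBL_60", 60, 0.5),
         ("REGISTRAR_RBL_90", 90, 1.5),
         ("REGISTRAR_RBL_99", 99, 3.0)]

def score(rbl, key, rules=RULES):
    hits, total = [], 0.0
    for name, minimum, points in rules:
        pct = rbl.lookup(key)      # only the first rule triggers a query
        if pct is not None and pct >= minimum:
            hits.append(name)
            total += points
    return hits, total

# Constructed sample zone standing in for real DNS answers.
SAMPLE_ZONE = {"registrar-a.rbl.example": "127.0.0.60",
               "registrar-b.rbl.example": "127.0.0.99",
               "registrar-c.rbl.example": "127.0.0.255"}

if __name__ == "__main__":
    rbl = ConfidenceRBL("rbl.example", SAMPLE_ZONE.get)
    for key in ("registrar-a", "registrar-b", "registrar-c", "registrar-d"):
        print(key, score(rbl, key), "queries so far:", rbl.queries)
```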