Henrik K wrote:
On Tue, Apr 22, 2008 at 07:50:33PM -0700, Marc Perkel wrote:
What I'm looking to do with host name based white lists is use forward
confirmed RDNS to keep certain domains from being accidentally blacklisted.
What's funny is that you already mentioned this a bunch of times, but it
seems people ignore you, since they didn't seem to get it. ;)
While Marc is a bit eccentric, it would be nice to see what would be the
result if someone actually worked with him to better the stuff.
Yep - one of the ideas I originated here on this list is the idea of
blocking spam based on linking to spam sites. It took almost 1 1/2 years
of talking about it before others picked up on the idea and turned it
into URI blacklists. If you can find old messages from around say 2002 or
so from this list you can verify it.
What I'm using now is a complete revolution in spam filtering. But I'm
not the best one to code this up and if other people were to pick up on
some of these ideas they could do a much better job of it than I'm doing.
The new ideas are all about the forward confirmed rDNS host names. And
it's mostly white list oriented but not entirely. Forward confirmed rDNS
can't be spoofed by spammers. So there's a lot of domain names that can
be easily classified in very useful ways. Right now I have 4 main
classifications:
black - block it
white - pass it without further testing
yellow - no info from IP - never whitelist or blacklist - mixed source server
nobl - definitely don't blacklist - possibly whitelist
nobl is my term for what others call a white list - but to me white list
means something else. My white lists are pure ham sources.
In addition I have other lists that help me build these main lists.
isp list - domain names used by DSL providers for dynamic IP ranges. Any
name in this list should not be in the above lists.
freemail list - names like yahoo, gmail, hotmail etc. These are not only
yellow listed - but also drive freemail rule testing. (freemail plugin
type rules)
rb - registrar barrier list - this is used to detect the registrar
barrier so the sub host part can be removed and comparisons can be done
with just the domain name.
My new trick is to use some lists to subtract domains from other lists.
For example, I get a list of what others call a whitelist to a URI
blocklist. I take this list and subtract out my white list, yellow
list, freemail list, and isp list and the result is my nobl host list.
Then, as I get email, when the host matches a list the IPs are added
and an IP based list is created that is extremely accurate.
It is my contention that most all hosts that exist can be classified in
some useful way that can be used to pre-filter messages. In my case less
than 1% of my total email volume goes to SpamAssassin. Mostly I use SA
to process hotmail, yahoo, gmail.
So - if you think this through you'll see I'm onto something here and if
others want to jump in you can probably do it far better than me. Yes -
I'm more than a little weird - but the ideas are still valid.
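
The scheme described in the message above, as an added example that is not part of the original post and not the author's code: a forward confirmed rDNS check, registrar barrier stripping, the nobl subtraction, and the derived IP lists. All DNS data, host names and list contents are constructed, and the "unconfirmed" and "unclassified" results and the lookup precedence are assumptions.

```python
# Constructed DNS data (documentation addresses, reserved names); no network use.
PTR = {"192.0.2.10": "mail.example.org", "198.51.100.7": "mail.example.org",
       "192.0.2.66": "mx.bank.co.example", "203.0.113.5": "dsl-5.isp.example"}
A = {"mail.example.org": {"192.0.2.10"}, "mx.bank.co.example": {"192.0.2.66"},
     "dsl-5.isp.example": {"203.0.113.5"}}

RB = {"org", "example", "co.example"}   # registrar barrier suffixes (constructed)
BLACK, WHITE = {"spam.example"}, {"bank.co.example"}
FREEMAIL, ISP = {"freemail.example"}, {"isp.example"}
YELLOW = {"shared.example"} | FREEMAIL  # freemail names are also yellow listed
# Constructed stand-in for a URI blocklist's whitelist.
THIRD_PARTY = {"example.org", "bank.co.example", "freemail.example", "isp.example"}
# The subtraction step: what remains is the nobl host list.
NOBL = THIRD_PARTY - WHITE - YELLOW - FREEMAIL - ISP
IP_LISTS = {}                           # category -> IPs learned from mail flow

def fcrdns(ip):
    """Return the PTR name only if its forward lookup contains the same IP."""
    host = PTR.get(ip, "").lower().rstrip(".")
    return host if host and ip in A.get(host, set()) else None

def registered_domain(host):
    """Strip the sub host part: keep one label left of the longest RB suffix."""
    labels = host.split(".")
    for i in range(1, len(labels)):     # i=1 is the longest candidate suffix
        if ".".join(labels[i:]) in RB:
            return ".".join(labels[i - 1:])
    return host

def classify(ip):
    """Map a connecting IP to a list name; precedence order is an assumption."""
    host = fcrdns(ip)
    if host is None:
        return "unconfirmed"            # no host-based decision without FCrDNS
    domain = registered_domain(host)
    for name, hosts in (("black", BLACK), ("white", WHITE),
                        ("yellow", YELLOW), ("nobl", NOBL)):
        if domain in hosts:
            IP_LISTS.setdefault(name, set()).add(ip)
            return name
    return "unclassified"

if __name__ == "__main__":
    for ip in PTR:
        print(ip, classify(ip))
```

The address 198.51.100.7 carries the same PTR name as 192.0.2.10, but the forward lookup does not return it, so it gets no host-based classification and is never added to an IP list.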