At 12:44 14-01-2009, Rob McEwen wrote:
> No. This is just due to the fact that, unfortunately, some mail servers
> and IPs (which send desired and solicited messages) are somewhat
> incorrectly configured. It turns out that a distributor receiving
> legitimate business e-mail from vendors & customers in such places as
> Africa, South America, Asia... all over the place... is going to see a
> disproportionately larger amount of messages sent from IPs which either:

Choosing a tool requires an understanding of what the tool can do and
the task to be performed with it. We don't have to go as far as
South America to find incorrectly configured mail
servers. There's currently a user on this list running one that sends
bounces to the wrong address.

> This has nothing to do with Rasmus's tools... other than the fact that (I
> surmise) he is probably now forced, given that situation, to back off of
> his scoring of DNSBLs and rely more on content filtering in comparison
> to those whose e-mail is mostly US/Europe-based.

If there is nothing wrong with Rasmus' tools, then the Botnet plugin
should work for him. Now, if you are saying that the Botnet plugin
should only be used for those of you who only receive mail from the
US or Europe, I'll point out that it also causes false positives for
that kind of mail traffic. As you mentioned above, the problem is
not really with Botnet plugin if we understand that it does not detect botnets.
Regards,
-sm