Charles Gregory wrote:
A more interesting comparison would be to see how much stuff is NOT
caught by spamhaus, but caught by your list or others.... :)
-C
Some stats from my mail server, zen.spamhaus is deployed at the smtp
level, so these are hits against 323 spam samples (as detected by SA)
that made it through smtp restrictions:
## DNSBL Statistics ##
102 RCVD_IN_UCE_COMBINED
95 RCVD_IN_BRBL
70 RCVD_IN_JMF_BL
62 RCVD_IN_UCEPROTECT1
49 RCVD_IN_UCEPROTECT2
40 RCVD_IN_UBL_UNSUB
34 RCVD_IN_UCEPROTECT3
32 RCVD_IN_SBLXBL
24 RCVD_IN_SORBS_WEB
21 RCVD_IN_BL_SPAMCOP_NET
17 RCVD_IN_PSBL
10 RCVD_IN_JMF_BR
9 RCVD_IN_IADB_SPF
9 RCVD_IN_IADB_LISTED
4 RCVD_IN_DNSWL_LOW
3 RCVD_IN_BSP_TRUSTED
2 RCVD_IN_SORBS_DUL
2 RCVD_IN_NJABL_RELAY
2 RCVD_IN_NJABL_PROXY
1 RCVD_IN_NJABL_SPAM
1 RCVD_IN_DNSWL_MED
323 Total Spam
UCE_COMBINED is a hit against any of UCEPROTECT 1, 2 or 3. In my
experience UCEPROTECT can and does give occasional FPs.
RCVD_IN_SBLXBL checks all IPs, not just last external, hence why we see
still see some hits even though zen.spamhaus is already used.
IMHO, BRBL and JMF_BL both do a good job at adding a little weight to
spam making it past zen.spamhaus.org. All the easy to detect stuff has
long since been blocked, so hits at this stage are against the last ~1%
of spam that has slipped past everything else, so don't judge the
apparent ~20% hit rate too harshly.
I still only trust spamhaus to outright reject mail at the smtp level.
