Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: SPAM Prevention/Blacklists

  • From: Richard Welty
  • Date: Wed Mar 03 19:40:03 2004

On Wed, 3 Mar 2004 18:35:27 -0500 "Patrick W.Gilmore" <patrick@ianai.net> wrote:
> On Mar 3, 2004, at 6:00 PM, Richard Welty wrote:
> >> Of the ones above, I only use spamhaus, combined with opm.blitzed.org &
> >> relays.visi.com

> > i use the same ones as Patrick, but i also use the cbl (a component of the
> > spamhaus xbl, perhaps the only one at the present time, but that could
> > change.)

> Mind if I ask why you don't use the sbl-xbl?

keep in mind that the sbl is the combination of "sbl classic"
with the xbl, where the xbl is currently a feed of the cbl that may
at a later date incorporate additional lists or data.

i use the original sbl at RCPT TO: time. by separating them, i
can use the cbl portion at connect time. it's a bit of flexibility
that i like.

at some future date, when the xbl diverges from the cbl i'll look
at the differences and decide what to do about it.

> BTW: I also use habeas & bogons, but not really sure you would call
> habeas a blacklist. :)

i've used habeas in the past, but don't at the present time.

> > one thing i do is use opm.blitzed.org and cbl.abuseat.org at connect time.
> > hosts on these lists are pretty much guaranteed to be open proxies or
> > compromised hosts, so listening to them at all is a waste of time. no need
> > to wait until after RCPT TO: to 5xx, i just drop the connection.

> I love opm.blitzed.  I haven't tried cbl.abuseat.org.  I'll have to 
> check it out.

well, given that you use the sbl-xbl, you already are using
the cbl. high rejection from abusive hosts, vanishingly small
false positives. i love it. i like doing at connect time even
better, fewer of my resources consumed by abusive hosts
that way.

> >> Also, I like sender verification, but that's me.

> > i used it for some time, and reluctantly shut it down. blocked a lot of
> > email abuse, but too many false positives for my taste.

> Could you go into more detail?
...
> Maybe I have others I just don't know about?  How many people send 
> legit e-mail with return addresses which are bogus?

the main problem is systems where the admin has foolishly started
rejecting MAIL FROM:<> to cut down spam. i tried to whitelist
such systems, but couldn't keep up. when i did finally drop sender
verify, a surprising number of my mailing list subscribers came forward,
relieved that they could send mail to the lists again. (the system that
i set up with sender verify handles a number of confirmed opt-in
mailing lists, mostly about cars).

once i realized that the false positive problem was so much higher
than i expected, i decided not to turn it back on. there are other
cogent arguments against sender verify, but it was the false
positive problem that drove my own decision.

richard
-- 
Richard Welty                                         rwelty@averillpark.net
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
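
Added example (not part of the message above, and not any MTA's own code): the staged DNSBL policy the message describes, written in Python, with cbl.abuseat.org and opm.blitzed.org consulted at connect time and the SBL at RCPT TO:. The zone name sbl.spamhaus.org, the function names, the injected resolver and the sample DNS data are assumptions made for this example.

```python
import ipaddress

# Zones from the message, grouped by the SMTP stage at which they are consulted.
CONNECT_ZONES = ("cbl.abuseat.org", "opm.blitzed.org")   # drop the connection
RCPT_ZONES = ("sbl.spamhaus.org",)                        # 5xx at RCPT TO: (assumed zone name)
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")        # DNSBL answers live here (RFC 5782)

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets followed by the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def listed_in(ip, zones, resolve):
    """Return the first zone that lists ip, or None.

    resolve(name) is a hypothetical callable returning the A records for
    name as strings, or an empty list for NXDOMAIN.
    """
    for zone in zones:
        answers = resolve(dnsbl_name(ip, zone))
        # Treat only 127/8 answers as a listing, so a wildcarded or
        # hijacked zone does not cause every client to be rejected.
        if any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers):
            return zone
    return None

def smtp_decision(ip, stage, resolve):
    """Map a client IP and SMTP stage to (action, zone that triggered it)."""
    if stage == "connect":
        zone = listed_in(ip, CONNECT_ZONES, resolve)
        return ("drop", zone) if zone else ("continue", None)
    if stage == "rcpt":
        zone = listed_in(ip, RCPT_ZONES, resolve)
        return ("reject 5xx", zone) if zone else ("accept", None)
    raise ValueError("unknown stage: " + stage)

# Constructed sample data (documentation address ranges, not real listings).
FAKE_DNS = {
    "10.2.0.192.cbl.abuseat.org": ["127.0.0.2"],
    "7.100.51.198.sbl.spamhaus.org": ["127.0.0.2"],
    "5.113.0.203.opm.blitzed.org": ["192.0.2.1"],   # non-127/8 answer, ignored
}

def fake_resolve(name):
    return FAKE_DNS.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, smtp_decision(ip, "connect", fake_resolve),
              smtp_decision(ip, "rcpt", fake_resolve))
```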




