Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: SPAM Prevention/Blacklists

  • From: Richard Welty
  • Date: Wed Mar 03 19:40:03 2004

On Wed, 3 Mar 2004 18:35:27 -0500 "Patrick W.Gilmore" <> wrote:
> On Mar 3, 2004, at 6:00 PM, Richard Welty wrote:
> >> Of the ones above, I only use spamhaus, combined with 
> >> &
> >>

> > i use the same ones as Patrick, but i also use the cbl (a component of the
> > spamhaus xbl, perhaps the only one at the present time, but that could change.)

> Mind if I ask why you don't use the sbl-xbl?

keep in mind that the sbl is the combination of "sbl classic"
with the xbl, where the xbl is currently a feed of the cbl that may
at a later date incorporate additional lists or data.

i use the original sbl at RCPT TO: time. by separating them, i
can use the cbl portion at connect time. it's a bit of flexibility
that i like.

at some future date, when the xbl diverges from the cbl i'll look
at the differences and decide what to do about it.

> BTW: I also use habeas & bogons, but not really sure you would call 
> habeas a blacklist. :)

i've used habeas in the past, but don't at the present time.

> > one thing i do is use and at connect time.
> > hosts on these lists are pretty much guaranteed to be open proxies or
> > compromised hosts, so listening to them at all is a waste of time. no need
> > to wait until after RCPT TO: to 5xx, i just drop the connection.

> I love opm.blitzed.  I haven't tried  I'll have to 
> check it out.

well, given that you use the sbl-xbl, you already are using
the cbl. high rejection from abusive hosts, vanishingly small
false positives. i love it. i like doing at connect time even
better, fewer of my resources consumed by abusive hosts
that way.

> >> Also, I like sender verification, but that's me.

> > i used it for some time, and reluctantly shut it down. blocked a lot of email
> > abuse, but too many false positives for my taste.

> Could you go into more detail?
> Maybe I have others I just don't know about?  How many people send 
> legit e-mail with return addresses which are bogus?

the main problem is systems where the admin has foolishly started
rejecting MAIL FROM:<> to cut down spam. i tried to whitelist
such systems, but couldn't keep up. when i did finally drop sender
verify, a surprising number of my mailing list subscribers came forward,
relieved that they could send mail to the lists again. (the system that
i set up with sender verify handles a number of confirmed opt-in
mailing lists, mostly about cars).

once i realized that the false positive problem was so much higher
than i expected, i decided not to turn it back on. there are other
cogent arguments against sender verify, but it was the false
positive problem that drove my own decision.

Richard Welty                               
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
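
The sender-verify false positive described in the message above, as an added example that is not part of the original post: a callout probes the sender's MX with MAIL FROM:<> and RCPT TO:<sender>, so a site that refuses the null sender makes its own real users look unverifiable. The servers are simulated in-process, and every domain, user and function name is constructed for illustration.

```python
# Added example: sender-verification callout simulated in-process (no network I/O).
# All domains, users and server behaviours below are constructed for illustration.

def remote_mx(rejects_null_sender, known_users):
    """Build a stand-in for the sender domain's MX: maps an SMTP command to a reply code."""
    def reply(command):
        verb, _, arg = command.partition(":")
        if verb == "MAIL FROM" and arg == "<>" and rejects_null_sender:
            return 550                      # admin blocks the null reverse-path
        if verb == "RCPT TO" and arg.strip("<>") not in known_users:
            return 550                      # no such mailbox
        return 250
    return reply

def callout(sender, mx):
    """Probe the way sender verify does: MAIL FROM:<> then RCPT TO:<sender>."""
    mx("HELO verifier.example")
    if mx("MAIL FROM:<>") >= 500:
        return "null-sender-refused"        # says nothing about whether sender exists
    if mx(f"RCPT TO:<{sender}>") >= 500:
        return "sender-unknown"
    return "verified"

# (sender, is the mailbox real?, MX for the sender's domain)
SAMPLE = [
    ("alice@cars.example", True,  remote_mx(True,  {"alice@cars.example"})),
    ("bob@isp.example",    True,  remote_mx(False, {"bob@isp.example"})),
    ("forged@isp.example", False, remote_mx(False, {"bob@isp.example"})),
]

def false_positives(sample):
    """Real senders that a verify-or-reject policy would turn away."""
    return [s for s, real, mx in sample if real and callout(s, mx) != "verified"]

if __name__ == "__main__":
    for sender, real, mx in SAMPLE:
        print(sender, "real" if real else "forged", "->", callout(sender, mx))
    print("false positives:", false_positives(SAMPLE))
```

Keeping "null-sender-refused" distinct from "sender-unknown" in the verifier's logs is what lets an operator measure how much of the rejected mail falls into this case.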
