[68162] in North American Network Operators' Group
Re: SPAM Prevention/Blacklists
daemon@ATHENA.MIT.EDU (Patrick W.Gilmore)
Wed Mar 3 18:41:54 2004
In-Reply-To: <Mahogany-0.66.0-11017-20040303-180029.00@averillpark.net>
Cc: Patrick W.Gilmore <patrick@ianai.net>
From: Patrick W.Gilmore <patrick@ianai.net>
Date: Wed, 3 Mar 2004 18:35:27 -0500
To: nanog@merit.edu
Errors-To: owner-nanog-outgoing@merit.edu
On Mar 3, 2004, at 6:00 PM, Richard Welty wrote:
>> Of the ones above, I only use spamhaus, combined with opm.blitzed.org
>> &
>> relays.visi.com
>
> i use the same ones as Patrick, but i also use the cbl (a component of
> the
> spamhaus xbl, perhaps the only one at the present time, but that could
> change.)
Mind if I ask why you don't use the sbl-xbl?
BTW: I also use haebeas & bogons, but not really sure you would call
haebeas a blacklist. :)
> one thing i do is use opm.blitzed.org and cbl.abuseat.org at connect
> time.
> hosts on these lists are pretty much guaranteed to be open proxies or
> compromised hosts, so listening to them at all is a waste of time. no
> need
> to wait until after RCPT TO: to 5xx, i just drop the connection.
I love opm.blitzed. I haven't tried cbl.abuseat.org. I'll have to
check it out.
>> Also, I like sender verification, but that's me.
>
> i used it for some time, and reluctantly shut it down. blocked a lot
> of email
> abuse, but too many false positives for my taste.
Could you go into more detail?
I've only been using it a couple months, but I have a whole 1 false
positive, and I'm not sure I'd call it a false positive. (Web page
which sent e-mail and allowed anything in "from" address, but was
password protected internal thing, so they were not doing sanity
checking thinking it was guaranteed good e-mail.)
Maybe I have others I just don't know about? How many people send
legit e-mail with return addresses which are bogus?
--
TTFN,
patrick
P.S. Disclaimer: I'm authoritative for the spam BLs I use.
