On Wed, 3 Mar 2004 18:35:27 -0500 "Patrick W.Gilmore" <patrick@ianai.net> wrote:
On Mar 3, 2004, at 6:00 PM, Richard Welty wrote:
Of the ones above, I only use spamhaus, combined with opm.blitzed.org & relays.visi.com
i use the same ones as Patrick, but i also use the cbl (a component of the spamhaus xbl, perhaps the only one at the present time, but that could change.)
Mind if I ask why you don't use the sbl-xbl?
keep in mind that the sbl is the combination of "sbl classic" with the xbl, where the xbl is currently a feed of the cbl that may at a later date incorporate additional lists or data. i use the original sbl at RCPT TO: time. by separating them, i can use the cbl portion at connect time. it's a bit of flexibility that i like. at some future date, when the xbl diverges from the cbl i'll look at the differences and decide what to do about it.
BTW: I also use haebeas & bogons, but not really sure you would call haebeas a blacklist. :)
i've used habeas in the past, but don't at the present time.
one thing i do is use opm.blitzed.org and cbl.abuseat.org at connect time. hosts on these lists are pretty much guaranteed to be open proxies or compromised hosts, so listening to them at all is a waste of time. no need to wait until after RCPT TO: to 5xx, i just drop the connection.
I love opm.blitzed. I haven't tried cbl.abuseat.org. I'll have to check it out.
well, given that you use the sbl-xbl, you already are using the cbl. high rejection from abusive hosts, vanishingly small false positives. i love it. i like doing at connect time even better, fewer of my resources consumed by abusive hosts that way.
Also, I like sender verification, but that's me.
i used it for some time, and reluctantly shut it down. blocked a lot of email abuse, but too many false positives for my taste.
Could you go into more detail? ... Maybe I have others I just don't know about? How many people send legit e-mail with return addresses which are bogus?
the main problem is systems where the admin has foolishly started rejecting MAIL FROM:<> to cut down spam. i tried to whitelist such systems, but couldn't keep up. when i did finally drop sender verify, a suprising number of my mailing list subscribers came forward, relieved that they could send mail to the lists again. (the system that i set up with sender verify handles a number of confirmed opt-in mailing lists, mostly about cars). once i realized that the false positive problem was so much higher than i expected, i decided not to turn it back on. there are other cogent arguments against sender verify, but it was the false positive problem that drove my own decision. richard -- Richard Welty rwelty@averillpark.net Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security