Matthew Black wrote:
When we licensed Spamhaus a few years back, they required us to set-up a DNS slave server instead of querying against their public server. They had a special DNS client that allowed partial zone updates. Turns out we downloaded huge hourly updates.
This is no longer necessary. You can either run your own server (zone transfer-ish) or you can query their servers. When you pay your fee, you get a magic code which you insert in the DNS query, and this lets them know who you are. I second the assertion that others have already made that this is worth the money. We do spam testing, and I can more-or-less guarantee that Spamhaus beats all of the free reputation services (and a number of the for-pay ones) hands-down in its ability to block spam and the incredibly low number of false positives. In case you are interested in more on the topic, I did write a white paper (ob.disc.:Cisco gave me money to write up the white paper based on data I have been collecting for years) on reputation services. John Levine wrote:
We no longer use Spamhaus, relying instead upon Sender Base Reputation Scores (IronPort).
How does the price compare?
Well, depending on how you look at it, either horribly or beautifully. You can't buy SenderBase by itself; you get it with an Ironport anti-spam appliance. So if you were going to buy Ironport anyway, the price is "free" which makes it cheaper than Spamhaus. On the other hand, if you just want SenderBase, it'd be a very expensive way to get only the reputation filtering. In general, like many of the big-name anti-spam products, the reputation service is part-and-parcel of the product and can't really be separated out. In fact, with Ironport, they use the reputation service in two ways: one is to block connections in the first place, and the second way is to bias results of their content filter for connections which are accepted. Since their scores are -10 to +10, there's considerable leeway to use the information as part of their anti-spam cocktail beyond simple "go/no-go" of a typical reputation service. jms -- Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719 Senior Partner, Opus One Phone: +1 520 324 0494 jms@Opus1.COM http://www.opus1.com/jms
On Wed, 17 Feb 2010 18:33:00 -0700 Joel M Snyder <Joel.Snyder@Opus1.COM> wrote:
I second the assertion that others have already made that this is worth the money. We do spam testing, and I can more-or-less guarantee that Spamhaus beats all of the free reputation services (and a number of the for-pay ones) hands-down in its ability to block spam and the incredibly low number of false positives.
We ADDED Spamhaus to our IronPort because it was inexpensive. I recall using MAPS RBL many years earlier with a lot of false positives and angry companies trying to reach our users.
John Levine wrote:
We no longer use Spamhaus, relying instead upon Sender Base Reputation Scores (IronPort).
How does the price compare?
Well, depending on how you look at it, either horribly or beautifully. You can't buy SenderBase by itself; you get it with an Ironport anti-spam appliance. So if you were going to buy Ironport anyway, the price is "free" which makes it cheaper than Spamhaus. On the other hand, if you just want SenderBase, it'd be a very expensive way to get only the reputation filtering.
In general, like many of the big-name anti-spam products, the reputation service is part-and-parcel of the product and can't really be separated out. In fact, with Ironport, they use the reputation service in two ways: one is to block connections in the first place, and the second way is to bias results of their content filter for connections which are accepted. Since their scores are -10 to +10, there's considerable leeway to use the information as part of their anti-spam cocktail beyond simple "go/no-go" of a typical reputation service.
jms Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
SenderBase blocks about 90% of incoming connections. 3-part TCP/IP handshake, send them an error, then disconnect. For some egregious senders, we simply refuse the TCP/IP connection. You don't have to scan refused messages or connections for viruses or spam, a very costly process. When IronPort first released their own anti-spam product to replace Brightmail, it had many false positives. We were a beta tester. They do much better now and false positives are almost non-existent. We still encounter the occasional user wondering why their connection gets blocked by SenderBase. For our users, we remind them to configure SMTP AUTH when working from off campus because so many DSL addesses have low SBRS values. SMTP AUTH lets them bypass the SenderBase. One of the coolest IronPort features is virtual gateways. Besides all the reputation filtering and anti-spam, anti-virus features, IronPort lets you create virtual gateways so outbound e-mail can be classed to use a different outbound source IP address. Very helpful so that our bulk mailers don't affect individual users should we get black or graylisted. Cheers. matthew black e-mail postmaster california state university, long beach
We ADDED Spamhaus to our IronPort because it was inexpensive. I recall using MAPS RBL many years earlier with a lot of false positives and angry companies trying to reach our users.
Yeah, I used to pay for MAPS but dropped them several years ago because of the false positives and the high cost. R's, John
participants (3)
-
Joel M Snyder
-
John R. Levine
-
Matthew Black