It's looking very promising!
1. So far, it detects about 10% as SPAM in emails that SORBS, SPAMCOP, SpamHaus Zen and BRBL have let through. 2. In that, it does 20 times better than the total of these AHBL tests: DNS A RR 127.0.0.2: Open Relay DNS A RR 127.0.0.3: Open Proxy DNS A RR 127.0.0.4: Spam Source DNS A RR 127.0.0.5: Provisional Spam Source Listing block (will be removed if spam stops) DNS A RR 127.0.0.6: Formmail Spam DNS A RR 127.0.0.9: End User (non mail system) DNS A RR 127.0.0.14: Compromised System: DDoS DNS A RR 127.0.0.15: Compromised System: Relay DNS A RR 127.0.0.16: Compromised System: Autorooter/Scanner DNS A RR 127.0.0.17: Compromised System: Worm or mass mailing virus DNS A RR 127.0.0.18: Compromised System: Other virus DNS A RR 127.0.0.127: Other and 12 times better than the total of these NJABL tests: NJABL: DNS A RR 127.0.0.2. Open relays and known spam sources. NJABLDUL: DNS A RR 127.0.0.3. Dial-up/dynamic IP ranges. NJABLSOURCES: DNS A RR 127.0.0.4. Lists spam sources. Will include commercial spammers, direct-to-MX, and proxies. IP ranges will be added only if they can be identified with the spammer. NJABLMULTI: DNS A RR 127.0.0.5. Lists multi-stage open relays. Will notify the appropriate NIC one week in advance of listing, to allow them to correct the problem. NJABLFORMMAIL: DNS A RR 127.0.0.8. Lists servers with insecure formmail scripts. NJABLPROXIES: DNS A RR 127.0.0.9. Lists open proxy servers. 3. I don't have a big enough sample, but an EARLY trend is indicating that it possible significantly cuts the amounts of email that Sniffer still has to scan. 4. >> all of the TXT records say "GBUdb Cloud Truncate c > 0.2, p > 0.9" << Thanks - so there ARE TXT records. This way I can configure to pick those up (even if they are generic right now) 5. >> When we bring the gbudb.com site online we will explain how the IPs are listed. We may develop a link mechanism to look up specific data on each IP after a time.<< Thanks, specially the first part (a static page explaining the listing method/policy - and that de-listing is automatic once spam stops) will be important so that we can include that link in 5.7.1 rejection string. Don't want to have to start answering individual inquiries. Best Regards, Andy From: supp...@declude.com [mailto:supp...@declude.com] On Behalf Of Pete McNeil Sent: Friday, April 30, 2010 4:49 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] We have opened up truncate.gbudb.net On 4/29/2010 10:06 PM, Andy Schmidt wrote: Thanks - I activated it in my gateway and will report back after a day or so. Question: Does it have TXT records that holds additional info that can be returned in the 5.7.1 message to the sender? Right now all of the TXT records say "GBUdb Cloud Truncate c > 0.2, p > 0.9" As we continue to develop this that may change to provide other (better?) information. Is there a lookup URL that can be included in the 5.7.1 message that people can use to learn about your service, learn about the listing/de-listing policy (and determine the status of their IP address in case of a false positive)? When we bring the gbudb.com site online we will explain how the IPs are listed. We may develop a link mechanism to look up specific data on each IP after a time. As for listing and de-listing -- that is automatic and is generally described in the Message Sniffer documentation about GBUdb. If the general population of Message Sniffer nodes are reporting that a message source produces virtually nothing but spam then it will be listed. If those reports go away or their character changes then the listing will change also - and fairly quickly: days if traffic for the IP disappears; hours or perhaps minutes if the character of the traffic from the source changes. Best, _M --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to imail...@declude.com, and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
