Here's some of my April results on SBBL and FiveTen.

SBBL: 562 hits out of 191,422 mails. 1 e-mail that would have slipped into my tag weight from my hold weight if I wasn't using this test.

FiveTen: 191,422 mails
  SPAM consider weight >32
  Possible SPAM weight 17-32
  Not SPAM weight <17

Test                     Code        Total   SPAM           Possible SPAM   Not SPAM
FIVETEN-BULK             127.0.0.4     954     255  26.7%     12   1.3%      687  72.0%
FIVETEN-FREEEMAIL        127.0.0.12     41      12  29.3%      -               29  70.7%
FIVETEN-KLEZ             127.0.0.10     14       2  14.3%      1   7.1%       11  78.6%
FIVETEN-MISC-ALL         127.0.0.9     157     122  77.7%      4   2.5%       31  19.7%
FIVETEN-MISC-DYNA        127.0.0.9     143     113  79.0%      4   2.8%       26  18.2%
FIVETEN-MULTISTAGE-ALL   127.0.0.5      74      14  18.9%      8  10.8%       52  70.3%
FIVETEN-MULTISTAGE-DYNA  127.0.0.5      50      14  28.0%      8  16.0%       28  56.0%
FIVETEN-SPAM             127.0.0.2   53688   51546  96.0%    210   0.4%     1932   3.6%
FIVETEN-SPAMSUPPORT      127.0.0.7    2866    2381  83.1%     39   1.4%      446  15.6%
FIVETEN-WEBFORM          127.0.0.8       1       -             -                1 100.0%

<<< [EMAIL PROTECTED] 5/ 1 12:12a >>>
Dave,

Since moving to testing on multiple hops, I have found that the expire of records in many of the open relay/spam trap lists has something to be desired (as far as my purposes go). They seem to operate with the impression that people only use these lists on the last hop, however with zombie spammers now starting to relay through legitimate mail servers, it's useful to be able to tag the originating IP as an open relay, but of course only if the information is timely. I have also found that besides XBL/CBL, the relay/spam trap lists, there is a lack of a suitable mechanism for delisting unless there is an actual mail server at that IP which can send and receive notifications. As far as the DUL lists go, they are just that, DUL lists, and there is no way out of one unless you are statically assigned and authorized to serve. The only fault with NJABL might be that they aren't delisting the open proxy.

I've been meaning to write a note to several of these lists explaining our (Declude's) capabilities and asking for help in either delisting false positives when found, or reducing the time before delisting/re-testing. I have also been phasing out SORBS and FIVE-TEN on my system because they are unreliable by design. SBBL also recently got removed because I can't seem to find a site to report FP's to, and their hit rate has been dropping over time (possibly abandoned as a public resource). NJABL though is above average in terms of reliability on their open relay tests, and their SOURCES test hardly has any questionable sources in it (static spammers).

As far as your situation goes, IMail 8 with WHITELIST AUTH would solve this without you needing to weaken your system. I upgraded to IMail 8 for just two things: 1) fixing the queue so that it couldn't steal messages from Declude, and 2) passing AUTH information in the Q* files so that Declude could whitelist local users.

Matt

Dave Doherty wrote:
>Hi, all-
>
>I have a cable modem in my apartment with a dynamic IP.
>
>I sent a couple of emails tonight to others at my domain. These messages
>FP'd. They were caught by NJABL, which has my current address listed as an
>open proxy, with a listing date in January. This address is also listed
>(correctly) in DYNABLOCK.
>
>But if it's a dynamic address, the IP of whatever open proxy existed in
>January has certainly changed.
>

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
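
Added example, not part of the original messages and not Declude's own code: a sketch of the multi-hop DNSBL test discussed in this thread, showing how a listing on the originating IP is missed when only the last hop is checked. The zone name dnsbl.example, the Received headers and the zone data are constructed for illustration; the return codes are the ones in the FiveTen statistics above.

```python
import ipaddress
import re

# Return codes as they appear in the FiveTen statistics in this message.
FIVETEN_CODES = {
    "127.0.0.2": "SPAM", "127.0.0.4": "BULK", "127.0.0.5": "MULTISTAGE",
    "127.0.0.7": "SPAMSUPPORT", "127.0.0.8": "WEBFORM", "127.0.0.9": "MISC",
    "127.0.0.10": "KLEZ", "127.0.0.12": "FREEEMAIL",
}
ZONE = "dnsbl.example"  # placeholder zone name (assumption, not a real list)
# Private and loopback addresses mean nothing to a public list; do not query them.
SKIP = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed Received headers, newest first (hop 0 connected to our server).
SAMPLE_RECEIVED = [
    "from relay.example.net (relay.example.net [198.51.100.25]) by mx.example.org",
    "from home-pc ([203.0.113.77]) by relay.example.net",
    "from laptop ([192.168.1.10]) by home-pc",
]
# Constructed zone data standing in for live DNS answers.
SAMPLE_ZONE = {"77.113.0.203.dnsbl.example": "127.0.0.9"}

def query_name(ip, zone=ZONE):
    """Reverse the IPv4 octets and append the zone to form the DNSBL query."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def hop_ips(received):
    """Return the bracketed, routable IPv4 address of each hop, newest first."""
    ips = []
    for line in received:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        try:
            addr = ipaddress.IPv4Address(m.group(1)) if m else None
        except ValueError:  # bracketed text that is not a valid address
            addr = None
        if addr is not None and not any(addr in net for net in SKIP):
            ips.append(str(addr))
    return ips

def check_hops(received, lookup):
    """List (hop, ip, result) per listed hop; lookup maps query name -> code or None."""
    hits = []
    for hop, ip in enumerate(hop_ips(received)):
        code = lookup(query_name(ip))
        if code is not None:
            hits.append((hop, ip, FIVETEN_CODES.get(code, "UNKNOWN")))
    return hits
```

Passing only the first header to check_hops models a last-hop-only test; passing all of them models the multi-hop test, where a stale listing on a dynamic address further back in the chain also produces a hit.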
