Darin,

If you have not yet, you might consider adding SURBL testing as well.  Darrell 
(http://www.invariantsystems.com) has a product, invURIBL, that is competent 
at interfacing SURBL to Declude (which in reality should and may at some point 
in time do this natively) as an ext. test.  SURBL looks at the target link of 
the spam, and compares it to numerous blacklists (including name server bl).  

Drawbacks:
1  Processor intensive (testing showed a 15% increase in proc usage) 
2  Difficult to fine tune.  'Out of the box' this product returns a weight that 
is a factor of several configurable tests that run inside INV.  You have to 
fine tune each, then observe the end result.  There is likely an easier way to 
tune this but I have not yet delved too far in.  

Upside: 
1  As effective as Sniffer, and utilizes a different mechanism for 
identification.  Low false positives.  
2  Cheap


Sniffer is _amazing_.  However, we were discouraged after it took 8 hours to 
get a Sniffer rulebase for the last wave of German spam.  So, we started 
testing SURBL to give Sniffer some help.  

Side note:  The very instant we initialized testing, we started seeing a 
significant increase in picture spam (just a gif file, nothing else, not even a 
link - therefore undetectable to SURBL).  We attribute this to the fact that we 
did not sufficiently cloak the test name in the headers and body, and the mass 
mailers determined, by way of 'mailbox full' bounces from the test domain, that 
we were utilizing SURBL.

Dave
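
The URI-based check described in the message above, as an added example that is not part of the original post and is not invURIBL's or Declude's code. It assumes the multi.surbl.org zone as the list being queried; the function names, sample messages and the in-memory LISTED set (standing in for the DNS lookup so the example runs offline) are constructed for illustration.

```python
import re

# Assumption: SURBL's combined zone. A real client resolves the query name
# in DNS; here a constructed in-memory set stands in for the zone's contents.
ZONE = "multi.surbl.org"
LISTED = {"pills-example.test"}  # constructed sample listing

# Host part of any http/https link found in the message body.
URI_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

# Constructed sample messages.
LINK_SPAM = "Cheap meds at http://www.pills-example.test/buy?id=1 today"
IMAGE_SPAM = "[single attached gif, no text, no link]"
CLEAN = "Minutes are at http://intranet.corp-example.test/wiki"


def base_domain(host):
    """Reduce a host to its last two labels.

    Simplification: production clients also consult a list of two-level
    TLDs and handle IP-address hosts separately.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def query_names(body):
    """Return the DNS names a URI blacklist check would look up for this body."""
    domains = sorted({base_domain(h) for h in URI_RE.findall(body)})
    return [f"{d}.{ZONE}" for d in domains]


def check(body):
    """Return the link domains from the body that appear on the (stand-in) list."""
    suffix = "." + ZONE
    return [q[: -len(suffix)] for q in query_names(body)
            if q[: -len(suffix)] in LISTED]


if __name__ == "__main__":
    for name, body in [("link", LINK_SPAM), ("image", IMAGE_SPAM), ("clean", CLEAN)]:
        print(name, query_names(body), check(body))
```

The image-only message produces no query names at all, which is why the picture spam mentioned in the side note passes a URI-based test untouched.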

          
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Fisher
Sent: Friday, June 03, 2005 7:11 PM
To: [email protected]
Subject: Re: [Declude.JunkMail] Blacklist effectiveness


I've posted my spamtest effectiveness from Feb 2004 forward at 
http://it.farmprogress.com/declude/declude.htm

----- Original Message ----- 
From: Darin Cox 
To: [email protected] 
Sent: Friday, June 03, 2005 8:33 AM
Subject: [Declude.JunkMail] Blacklist effectiveness


Anyone else noticing over the past few months that DNSBLs and RHSBLs have 
almost completely lost their effectiveness?

We're seeing only a few (e.g. SBL, MXGATE, MAILPOLICE) that catch more than 5% 
of incoming spam, and they top out at less than 6%.

If it weren't for Sniffer and the specialized tests in Declude we'd be buried.

Just curious as to what others are seeing...

Darin.
---
This E-mail came from the Declude.JunkMail mailing list.  To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail".  The archives can be found
at http://www.mail-archive.com.
