Hi Dave,

Yep... we use SURBL tests... We also have several types of in-house tests to quickly adjust to things like the German wave. Very little slips through (less than 0.1%), just curious if others have noticed that DNSBLs and RHSBLs have become next to useless...

Darin.

----- Original Message -----
From: "Dave Marchette" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, June 03, 2005 11:48 PM
Subject: RE: [Declude.JunkMail] Blacklist effectiveness

Darin,

If you have not yet, you might consider adding SURBL testing as well. Darrell (http://www.invariantsystems.com) has a product, invURIBL, that is competent at interfacing SURBL to Declude (which in reality should and may at some point in time do this natively) as an ext. test. SURBL looks at the target link of the spam, and compares it to numerous blacklists (including name server bl).

Drawbacks:
1 Processor intensive (testing showed a 15% increase in proc usage)
2 Difficult to fine tune. 'Out of the box' this product returns a weight that is a factor of several configurable tests that run inside INV. You have to fine tune each, then observe the end result. There is likely an easier way to tune this but I have not yet delved too far in.

Upside:
1 As effective as Sniffer, and utilizes a different mechanism for identification. Low false positives.
2 Cheap

Sniffer is _amazing_. However, we were discouraged after it took 8 hours to get a Sniffer rulebase for the last wave of German spam. So, we started testing SURBL to give Sniffer some help.

Side note: The very instant we initialized testing, we started seeing a significant increase in picture spam (just a gif file, nothing else, not even a link - therefore undetectable to SURBL). We attribute this to the fact that we did not sufficiently cloak the test name in the headers and body, and the mass mailers determined by way of 'mailbox full' bounces from the test domain, that we were utilizing SURBL.

Dave

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Fisher
Sent: Friday, June 03, 2005 7:11 PM
To: [email protected]
Subject: Re: [Declude.JunkMail] Blacklist effectiveness

I've posted my spamtest effectiveness from Feb 2004 forward at http://it.farmprogress.com/declude/declude.htm

----- Original Message -----
From: Darin Cox
To: [email protected]
Sent: Friday, June 03, 2005 8:33 AM
Subject: [Declude.JunkMail] Blacklist effectiveness

Anyone else noticing over the past few months that DNSBLs and RHSBLs have almost completely lost their effectiveness? We're seeing only a few (e.g. SBL, MXGATE, MAILPOLICE) that catch more than 5% of incoming spam, and they top out at less than 6%. If it weren't for Sniffer and the specialized tests in Declude we'd be buried.

Just curious as to what others are seeing...

Darin.

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
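
Added example, not part of the original thread and not code from invURIBL, Declude or SURBL: a sketch of the URI check described in Dave's message (take the link targets in a message, reduce each to its registered domain, query that name under a blacklist zone), including the image-only case he mentions, where there is no link to test. The zone name multi.surbl.org, the small two-level suffix set, the sample messages and the injected resolver are assumptions or constructed data so the block runs offline.

```python
import ipaddress
import re
from urllib.parse import urlsplit

ZONE = "multi.surbl.org"          # assumption: zone name is not given in the thread
TWO_LEVEL = {"co.uk", "com.au"}   # constructed stand-in for a full two-level TLD list
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def lookup_key(host):
    """Return the label that gets queried for a URI host."""
    host = host.lower().rstrip(".")
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        pass
    else:
        # Numeric hosts are queried with octets reversed, as in IP-based DNSBLs.
        return ".".join(reversed(str(ip).split(".")))
    labels = host.split(".")
    # Keep three labels under a two-level suffix (bad.co.uk), otherwise two.
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-keep:])

def query_names(body):
    """Unique DNS names to look up for every link target in a message body."""
    names = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host:
            name = f"{lookup_key(host)}.{ZONE}"
            if name not in names:
                names.append(name)
    return names

def is_listed(body, resolve):
    """resolve(name) returns an A record string, or None when the name is not listed."""
    return [n for n in query_names(body) if resolve(n) is not None]

# Constructed sample data: a fake listing table stands in for live DNS.
FAKE_ZONE = {"spamvertised.example.multi.surbl.org": "127.0.0.2"}
LINK_SPAM = "Billig! http://www.spamvertised.example/kauf and http://10.1.2.3/x"
IMAGE_SPAM = 'Content-Type: image/gif; name="offer.gif"\n\nR0lGODlh'

if __name__ == "__main__":
    print(is_listed(LINK_SPAM, FAKE_ZONE.get))   # the link target is listed
    print(is_listed(IMAGE_SPAM, FAKE_ZONE.get))  # no link, so nothing to query
```

In production the resolve argument would be a real DNS A-record lookup with a timeout; an empty result for the image-only message is why such mail has to be caught by a different kind of test.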
