Agreed. I had to take my INV URI filtering offline for a few days for some testing. Upon looking back at my kill stats I was intrigued by how much is actually missed by RBL but is caught by INV URI.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darrell ([EMAIL PROTECTED]) Sent: Tuesday, July 26, 2005 11:02 AM To: [email protected] Subject: Re: [Declude.JunkMail] RBL's becoming worthless... Chuck, Agreeded. This is why URI filtering is essential now. From the SURBL site. " [URI Filtering] We feel this is a promising approach since it addresses the core problem of spam most directly: the sites advertised in the spams. Spammers have found ways to get around conventional RBLs by stealing services from multiple open relays or hijacking computers using viruses or trojan horse programs. Because of this theft of services and forced entry into unsuspecting victim computers, spammers are able to exploit multiple new mail sources, sometimes for only a few minutes at a time, faster than RBLs can identify and block mail from those addresses. This is a significant weakness in conventional RBLs, and spammers have devised various ways to exploit it. There are other problems with conventional RBLs that can make their use potentially problematic. (This is not meant to be a criticism of RBLs however. Like most other mail administrators, I use some conventional RBLs on my mail servers to do things like block open relays, etc. So conventional RBLs can be used effectively together with SURBL.)" Darrell ------------------------------------------------------------------- Check out http://www.invariantsystems.com for utilities for Declude And Imail. IMail/Declude Overflow Queue Monitoring, SURBL/URI integration, MRTG Integration, and Log Parsers. Chuck Schick writes: > In the last several months we have seen large quantity of spam coming > from IP blocks that never seem to get listed on any RBL. Spamcop is > about the only one that picks some of them up and once in awhile > spamhaus. There was a block last night that sent several hundred and > sendbase.org showed they had detected no email from that block. > > The reason I bring this up is because when we first started blocking > spam I would say the blacklists would catch almost 90% so we relied > heavily on the blacklist. With the blacklists not being as effective > we need to rely on other tests like sniffer but that misses alot also. > > Chuck Schick > Warp 8, Inc. > (303)-421-5140 > www.warp8.com > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type > "unsubscribe Declude.JunkMail". The archives can be found at > http://www.mail-archive.com. ------------------------------------------------------------------------ --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
