Am Donnerstag, 8. Februar 2018, 08:16:54 CET schrieb Odhiambo Washington via 
> So, I have to ask what people are using these days when it comes to
> dnslists?
> And what other tools/tricks are in use that would help fight spam?

in my experience, dnslists are just one step of effective anti spam filtering 
today. We developed a complex multi-stage anti-spam system for our email 
services which had to be tuned and managed actively, but with the smallest 
amount of time/work possible.

I think by principle the (by far) most efficient anti-spam fighting still is 
possible on MXes and not on SMTP/Mail "hops" "behind". A good DNS setup for 
outgoing email to reduce/avoid bounces from "hijacked" sender addresses is 
important too.

If you look for a in-exim "easy to handle" list, i could recommend 

but be warned, the most effective lists contain a few (known) "false 
positives" (i.e. spamhaus) of large email services (i.e. yahoo, local free 
mail services), because they do not handle their large email traffic within the 
DNSBLs policies (i.e. contain lot of spam). You have to watch and whitelist 
them by hand in the beginning. Place i.e. a proper error message with a url 
pointing to further details and a contact to you / postmaster. 

But DNSBLs are just one thing - todays spammers try to get access and use 
proper relays with hijacked sender addresses (to go through DMARC / SPF / 
DKIM) which is important to reach i.e. gmail recipients.

DNSBL will block real email.

Our Anti-Spam solution (handling a few hunderthousands of mails by day) has 
three "main stages":

        - EXIM SA (with Greylisting)
        - EXIM ACL and a few DNSBL, DMARC (SPF/DKIM)
        - Spamassassin (with compiled rluez - DCC, Pyzor2, Razor and Bayesian)
        - EXIM - AMAVIS Antivirus (with two scanners)

We use a long list of DNSBLs with a "spam propability" value on each added 
(or subtracted) to/from a spam propability counter which goes into 
Spamassassin. SA internally works similiar and in SA we handle DCC (and razor 
+ pyzor2). You may ask at SA lists / view SA docs for more indepth details as 
this would be off list here.

This means each (new) email sender generates a lot of connections (primarily 
DNS). It may makes sense to have your own DNS resolvers (against root) and 
possibly DCC instance.

The Bayesian Subsystem of SA as the antivirus subsystem takes significant CPU 
/ system load. Be aware of local laws if you "read" the users emails (our 
customers allows us to use their email content for spam analysis - check 
possible local law).

Over many years now the solution works very well for our users/customers, 
which (as business users) have a very low acceptance for false positives as 
for (real) spam. Depending from time we get around 97%-99.5% of "real" spam 
out, while the measuring there is not very sharp, because it "hits" against 
the definition of "spam". If we go higher,, inacceptable false positives will 

At the beginning we had to fill in a few hard whitelist entries in different 
subsystems for a few very large (mostly local and freemail) email providers 
which "go their own way"). If a bounce rises today to a real sender the 
reason is on his side (defect email or temporary defect on the mail system on 
senders side). It is important to deliver proper / helpful error messages 
(without giving to much info to spammers out).

We do not have any "Spam folder" in users mailboxes as this doenst saves time 
for the users. 

We recommend our users to disable such in email clients as the amount of 
false positives could be higher then "real" spam landing there. There will be 
email which is recognized by users as "spam" which is regular list / 
newsletter email the user has accepted in the past - let users marking them 
as "spam" this often leads to further problems with false positives later.

hth a bit,

best regards,

 Niels Dettenbach
 Syndicat IT & Internet

Attachment: signature.asc
Description: This is a digitally signed message part.

## List details at
## Exim details at
## Please use the Wiki with this list -

Reply via email to