Grant wrote:
Do you think the reject_rbl_client stuff is safer than greylisting?
- Grant
1. Blacklists have the HIGHEST false positive rate of any anti-spam
technique other than sending all mail to /dev/null. 34%
http://www.paulgraham.com/falsepositives.html
2. Blacklists block the least amount of spam. 24%
So it's wrong more often than right.
3. All Blacklists are run by jackasses. Yes, even the ones you like.
http://www.internetnews.com/xSP/article.php/8_1143551
http://www.peacefire.org/anti-spam/group-statement.5-17-2001.html
http://www.networkworld.com/research/2001/0910feat.html
and far too much personal experience*
In my experience over the past two to three years greylisting and
simple header checks have blocked 99% of spam before it gets to the
queue and generated less admin overhead with false positives and other
nonsense. I'd call its accuracy a solid 99.9% since I've only had to
whitelist three sets of servers over the years, YMMV. It might not be
99.9 for everyone, but it will be far better than blacklisting. There
are some quirks with greylisting, but overall it's been very effective
without much downside.
I can't say enough bad things about blacklisting.
kashani
* The first ISP I worked for actually hosted public.com which has
probably been the most hijacked domain ever. It's a fun Monday morning
when some moron decided to block your entire ISP without actually
looking at the headers. It gets slightly less fun the fifth and sixth
time it happens. Homicide is considered when they assume they are
automatically right, are as rude as possible to you, and then stall for
a day before they grudgingly remove you.
--
gentoo-user@gentoo.org mailing list
