On 12/3/2012 3:41 PM, /dev/rob0 wrote: > Ah, so there is your answer. No, I'd never use Spamcop for outright > rejection. I don't even believe that Spamcop recommends such use.
Correct. From: http://www.spamcop.net/fom-serve/cache/291.html "We recommend that when using any spam filtering method, users be given access to the filtered mail - don't block the mail as documented here, but store it in a separate mailbox. Or tag it and provide users documentation so that they can filter based on the tags in their own MUA. We provide this information only for administrators who cannot use a more subtle approach for whatever reason." Not all DNSBLs are created equal, and this is intentional, otherwise we'd have 100s of mirrors of one DNSBL instead of 100s of unique DNSBLs. Zen and BRBL have proven to be pretty safe for outright rejection. Others such as Spamcop, various SORBS lists, Five-ten, some UCE-Protect lists, etc, have proven to be unsafe for outright blocking and should only be used in scoring systems. FWIW Spamassassin by default queries 5 DNSBLs and two RHSBLs: http://wiki.apache.org/spamassassin/DnsBlocklists So if you're using SA, it's probably best to use Zen and BRBL in postscreen or smtpd to cut down the load on SA, and let SA handle the remainder of the DNSBL workload. -- Stan
