On 11 Apr 2014, at 11:07, Robert Schetterer wrote:
> Hi, does anyone know this rbl?
> http://v4bl.org/about.html

I've had reason to glance at them a few times in the past year but have
never seen justification to pay ongoing attention...

http://v4bl.org/results.html was a bit startling when I first saw it. If
I had a spam-control tool that I wanted people to pay for, I would be
very reluctant to publish such unflattering metrics for a free subset.

Based on the source site for the data
(http://www.intra2net.com/en/support/antispam/index.php) that "Hit Rate"
appears to be unadjusted for overlap with other lists, but they also
have a page showing ~3/4 overlap with Spamhaus Zen. So if you are
already using Zen, the v4bl free list as an absolute rejection criterion
won't increase how much mail you properly reject by much more than ~3%.

On the other side, the persistent "False Positive" rate is usually well
over 0.1%, which I believe is the threshold between tools that are
"anti-spam" and those more accurately referred to as "career limiters"
by anyone running mail systems professionally. It is also unsettling
that the operator seems quite proud of the absolute scale of his "Full"
list (551M IPs) and of its robust growth (~250K/day). Those might be
interesting numbers in conjunction with less vague information on
listing & delisting criteria and evidence of acceptable accuracy, but in
isolation they imply an unhealthy fascination with size while devaluing
skill.

More generally, when considering any absolute spam-blocking tactic it is
wise to find or measure for yourself something like the Intra2net
metrics. You can't expect to get a perfect match of what some other site
sees, but what matters is marginal gain relative to FPs. IMHO, anything
offering less than a consistent *3 orders of magnitude* between the gain
and the pain has to be relegated to a scoring scheme (such as dnsblog
and/or SpamAssassin) where it is not individually conclusive but may
help somewhat to classify borderline spam.

> A very extensive list of IPs; which include:
> » Well known spammer IPs
> » UBE/UCE abusive IPs
> » rfc-ignorant IPs

There is so much said in RFCs and so little careful reading of them that
this criterion can only be deemed a sort of inside joke.

> » IPs with mismatched DNS and RDNS (FCrDNS failure)

That is going to catch a lot of non-spam, including some of the exit
points for Microsoft's Office365 (outlook.com) services. Back when I was
handling external mail for US subsidiaries of a major EU manufacturer
and later a major EU telecom/IT firm, such "failure" was almost as
common as "success" among the global pieces of those companies and their
major business partners. That probably has improved in the past 5 years
(it seems to have, based on the mail seen by smaller systems I run now)
but it surely has not disappeared. The root causes for DNS mismatch in
big companies vary, but the defensive accretion of excuses for not
cleaning it up is a shared feature.

> » IPs with mismatched rDNS and EHLO/HELO (FCrDNS failure)

Worse. It is worth noting that blocking based on a sender's EHLO/HELO
name fits the label "RFC-ignorant" quite well, which does not mean that
it can't be done in a useful & safe way. This is not that.

> » IPs of SPAM friendly ESP/HSP/ISP

That could include any or all of the IP space of any or all of the dozen
largest providers of email sending services, mailboxes, hosting,
colocation, & connectivity. Probably doesn't, but could. Might do so
tomorrow.

> » Obfuscated intermediaries / Alias domains / Disposable domains /
> Email-only domains

Unclear what those mean, especially in the context of a DNSBL, but I
might be includable in this nefarious group. I don't recall ever having
sent anything that could be called "spam" and surely have not from my
"email-only" domains...

> » Intermediaries without easily accessible contact information
> » botnet IPs
> » and much, much, more...

That's just another way of saying the list has no defined
listing/delisting criteria beyond whatever its automated components
happen to do in their current versions and whatever its owner feels like
listing or delisting at the moment.
Having worked at MAPS in its early days I can state from experience:
THAT IS VERY "LAST CENTURY!"

> Sounds very strange to me; this might result in massive problems at
> some sites, especially checking EHLO/HELO mismatch

That one is going to catch a huge number of mail servers that don't send
any spam or much mail at all but also don't have a lot of technical
clues nearby. I can't advocate their survival, but on a personal level
it is routinely painful to get involved in the wetwork of their
extinction.
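
The measurement recommended in the message above (what a list adds beyond the lists already used for rejection, weighed against its false positives), as an added example that is not part of the original message. Assumptions: the list name `candidate`, reading "gain versus pain" as marginal spam catch rate divided by false-positive rate, the 3/n upper bound used when no false positives are observed, and a constructed sample whose counts only loosely mirror the figures quoted in the thread.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Msg:
    is_spam: bool        # ground truth from your own hand-classified sample
    hits: frozenset      # DNSBLs that listed the connecting IP

def evaluate(msgs, candidate, baseline=frozenset(), min_ratio=1000.0):
    """Marginal gain and false-positive rate of `candidate` when the
    lists in `baseline` are already used for outright rejection."""
    spam = [m for m in msgs if m.is_spam]
    ham = [m for m in msgs if not m.is_spam]
    if not spam or not ham:
        raise ValueError("need both spam and ham in the sample")
    raw = sum(candidate in m.hits for m in spam)
    # Spam the candidate catches that no baseline list already rejects.
    marginal = sum(candidate in m.hits and not (m.hits & baseline) for m in spam)
    fps = sum(candidate in m.hits for m in ham)
    # Zero observed FPs does not prove a zero rate: use the "rule of three"
    # 95% upper bound (3/n) so a small sample cannot look perfect.
    fp_rate = fps / len(ham) if fps else 3 / len(ham)
    gain = marginal / len(spam)
    ratio = gain / fp_rate
    return {
        "raw_hit_rate": raw / len(spam),
        "marginal_gain": gain,
        "fp_rate": fp_rate,
        "ratio": ratio,
        # 3 orders of magnitude by default, per the threshold in the message
        "verdict": "reject-ok" if ratio >= min_ratio else "score-only",
    }

def constructed_sample():
    """Constructed corpus (not measured data): 10,000 spam, 10,000 ham."""
    zen, cand = frozenset({"zen"}), frozenset({"candidate"})
    both, none = zen | cand, frozenset()
    spam = [(both, 900), (cand, 300), (zen, 7100), (none, 1700)]
    ham = [(cand, 15), (none, 9985)]
    msgs = [Msg(True, h) for h, n in spam for _ in range(n)]
    msgs += [Msg(False, h) for h, n in ham for _ in range(n)]
    return msgs

if __name__ == "__main__":
    sample = constructed_sample()
    print(evaluate(sample, "candidate", baseline=frozenset({"zen"})))
    print(evaluate(sample, "zen"))
```

On this constructed sample the candidate list has a 12% raw hit rate but only a 3% marginal gain once Zen is in place, and its gain-to-FP ratio of about 20 puts it in the scoring-only category.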