Hi David (and re-adding the list in case we say something interesting), “Snowshoe spam”, as I understand it is basically a spammer sending batches from a list of “clean” IPs - not too many emails per IP, but lots of hosts to send from. By the time an IP is blacklisted, it’s already done spamming.
Another theory I have is these folks work alphabetically, as the client I have the most issues with has a domain starting with “b” and they just see way more spam. Could just be random, or that it’s a very old domain (20+ years). Anyhow, I have my own list of hosting operations that seem to just keep being used for this and I’d like to start them off at 4-5 points in my postscreen config. My typical filtering setup is Postscreen with a bunch of RBLs, and generally I need 3-4 of the reliable RBLs to hit a sending IP before it hits the threshold. After that, the mail moves to SpamAssassin. It scores most of the missed emails around 2-3 points, almost exclusively via Bayes. Thanks, Charles > On May 20, 2019, at 8:49 PM, David Mehler <dave.meh...@gmail.com> wrote: > > Hello, > > I don't know about the netblocks your looking for, but what is > snowshoe spam? What does your spam blocking configuration look like? I > can send you mine if you think it would help. > > Dave. > > > On 5/20/19, Charles Sprickman <c...@morefoo.com> wrote: >> Hi all, >> >> I was looking through a few lists of RBLs and I’m not finding quite what I >> want. >> >> I have quite a bit of my spam blocking working fairly well, but I’m seeing >> quite a bit of “snowshoe spam” from a few providers. Rather than look up >> their netblocks and outright block them, I’d like to incorporate them into >> the postscreen scoring process. As time goes on, I’m sure I’ll find others, >> but I do see ColoCrossing and Limestone Networks as pretty consistent >> sources. >> >> Are there any RBLs that exclusively deal with blocking by netblock/owner >> that I’m missing? Or am I better off just setting up a local RBL with the >> things I want to cover? And while I’m asking, any interesting RBLs you >> folks use that are based on non-standard criteria (country-based RBLs, lists >> of RFC-ignorant hosts, etc.)? >> >> Thanks, >> >> Charles