[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Matt
Pete, CBL has a proven 99.97% accuracy and on some systems over a 40% hit rate on traffic, yet their methods are rather simple and easy to implement. If an IP hits your spamtrap, and it has either no reverse DNS entry or it has a dynamic reverse DNS entry, it is added, if it doesn't, it isn't

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Andy Schmidt
Hi Pete, Thanks for taking the time to respond. >> The rule was in place from 20070326. The first reported false positives arrived today << Except that reports from end users lingered in my email since Friday. Not your fault - but just to better demonstrate the ultimate effect it had. To be cer

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Pete McNeil
Hello Andy, Tuesday, April 3, 2007, 5:15:12 PM, you wrote: > Hi Jonathan: > That's exactly the problem. These particular rules were blocking Google mail > servers - NOT specific content. To clarify, it was blocking precisely one IP. The F001 bot only tags a single IP at a time (not ranges, ever

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Andy Schmidt
Hi Jonathan: That's exactly the problem. These particular rules were blocking Google mail servers - NOT specific content. Obviously, as already discussed in the past, it IS necessary that these IP-based blocks are put under a higher scrutiny. I'm not suggesting that the "automatic" bots should be

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Jonathan Hickman
This has been suggested in the past; however, I forgot the reason for not doing so. Personally, if someone is spamming, I do not care about the source. I would want it to stop. IP blocking is dangerous, and content often seems the most effective method of blocking spam. If the blocks are based

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Andy Schmidt
Hi Matt: Yes, I understand that RevDNS is not a universal solution. That's why I proposed that WHOIS and/or RevDNS was checked against a list of "excepted" RevDNS' to then decide if human approval and/or review is necessary. The goal is simply to present questionable rules for review by some inte

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Matt
Agreed, however reverse DNS is not a universal solution as things like RR accounts will come from the same base domain as RR spam zombies, and you would otherwise have to track down each unique reverse DNS entry. I would test a connection to the SMTP server instead. Most of these servers will

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Andy Schmidt
Hi, Unless I'm mistaken, rule 1370762 was targeting the same address range. If I may make a suggestion: Before the spam-trap robots are allowed to block major, well-known and easily recognizable email providers, how about the robot script pulls a WHOIS and a Reverse DNS and runs that data against

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Pete McNeil
Hello Andy, Tuesday, April 3, 2007, 9:36:17 AM, you wrote: > Hi Phil, > Yes, it seems as if some Sniffer rules, e.g., 1367683, is broadly targeting > Google's IPs. > I've submitted 3 false positive reports since last night, at least two of > them were Google users, one located in the U.S. and t

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Andy Schmidt
Hi Phil, Yes, it seems as if some Sniffer rules, e.g., 1367683, is broadly targeting Google's IPs. I've submitted 3 false positive reports since last night, at least two of them were Google users, one located in the U.S. and the other in the Netherlands! Andy -Original Message- From: Me

[sniffer] Re: How to incorporate a white list?

2007-04-03 Thread Pete McNeil
Hello Phillip, Tuesday, April 3, 2007, 6:30:22 AM, you wrote: > I am getting a large number of false positives and not sure why. > How do I add a whitelist of domains, or do I send in the false > positives in hopes they will somehow be added to the rulebase. Please follow our false positiv

[sniffer] How to incorporate a white list?

2007-04-03 Thread Phillip Cohen
I am getting a large number of false positives and not sure why. Mostly mail from newsletters or lists, such as DMXZone, but I am also still unable to receive some mail from my own internal users. I am filtering on a per mailbox right now and I have been sending spam from my mailbox into its o