to the fact that a domain *requires* ownership. URLs and subdomains
are more ambiguous, which then also makes removal requests extremely
subjective and murky process.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
, that everyone
(or the SA powers that be) is OK with BRBL/emailreg.org business
practices... that is one thing. But to sweep this under the rug is
another very very sad and possibly unethical thing.
BTW, Neil, may I remind you...
red herring
--
Rob McEwen
http://dnsbl.invaluement.com/
r
trying to
give back to the community and help those poor innocent system admins
from getting unfairly blacklisted in the future, right?/sarcasm
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
RCVD_IN_PBL. But even extreme fewer legit emails
will have hits on BOTH of these. So I'd suggest scoring the combination
of the two either just above threshold, or (at the least...) just below
threshold.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
and
the author should be praised... but anyone trying to use the botnet
plugin as the end all replacement for DNSBLs, or the bridge all gaps
from their existing DNSBLs' shortcomings... should be aware of these
limitations I mentioned.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478
not work.
http://postmaster.comcast.net/
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
secured our freedom and liberty... in comparison to what
the average American today is (unfortunately) brainwashed to believe by
their Government-run schools and Universities.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
their own e-mail
address. This then become a free trip to the inbox when the spammer puts
that address in the FROM header..
If you want to make sure you don't block your own users outgoing mail,
use SMTP password authentication instead. Don't rely on an easily forged
FROM e-mail address.
--
Rob McEwen
other techniques--and assuming FPs are equal--then and only then does
particular filtering methods make a particular DNSBL obsolete.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
includes some excellent graphs.
Read about it here:
http://taint.org/2008/02/29/155648a.html
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
?
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
bitmasks.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
ip4set, fwiw
Again, not saying these problems can't be solved, only pointing them out
so that anyone who cares to try can know what they need to do, or need
to expect.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
URI ratings engine to rate potential
candidates for whitelisting--this would separate most of the wheat from
the chaff with little effort--just as long as the entries submitted was
kept to a reasonably low volume.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
this problem for many people.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
ask michael scheidell... he has a list for you that is 100% effective...
yeah, like that same joke that grandpa keeps telling over and over.. the
first time it was a little bit funny... but now it is annoying,
particularly the way he is the only one in the room laughing each time.
--
Rob
the whitelist overall, but find it leads to too
many FNs.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
% involves large and famous companies (like ATT recent
use of [withheld]'s ESP services)
And there are other examples which are a much harder to call.
But i think this well explains the overlap between URIBL-black and
HostKarma's domain whitelist.
--
Rob McEwen
http://dnsbl.invaluement.com/
r
, instead of insults, if anyone has a grip with them, please just
point out SPECIFIC examples. Over time, if you find many egregious ones,
that will speak for itself. Otherwise, I'd prefer to not be bothered
with this.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475
of confidence from someone I
greatly trust, I'd still have lingering and suspicious questions. (or
maybe not since I starting to fatigue on this subject.)
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
it is
happening, I think the anti-spam community SHOULD ask questions!
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
forces one from earlier today was a classic) --AND-- last but not
least--I will miss his willingness to break through the political
correctness and bring up various points that few others were willing (or
brave enough?) to point out.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1
jdow wrote:
his response personal spam to this account has increased sharply
Uuh, what does that mean, exactly?
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
that are
obviously from Richard (including alter-ego ones)? Or some kind of UBE
campaign that you think he is behind? (if so, please describe)
Still confused.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
whether these were FPs, or
would-have-missed-without-the-new-rule spams (aka corrected FNs).
If anyone ever develops such a plugin before I have time to, PLEASE let
me know!
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
blocking... particularly ivmSIP.com, which a FP rate that is almost low
as the FP rate of SpamHaus's lists.
Rob McEwen
Dan Mahoney, System Admin wrote:
Message at bottom.
I checked on this email. My system is right: it is an spf soft-fail.
At this point, ninety nine percent of people who
let
your quest for guaranteed long-term perfection keep you from making
**substantial** progress today!
Rob McEwen
spam filtering to a
level that is beyond what many thought possible.
Rob McEwen
to the inside details, but they must have
made some dramatic changes. Therefore, whatever bad FP reputation
they've earned over the years should be erased and they should be
reassessed.
Rob McEwen
if the
other four lists were already in use prior to adding that fifth list.
Lists that have zero FPs, but don't find any additional Spammer's IPs
didn't make that list.
Rob McEwen wrote:
John Rudd wrote:
Spamcop: no. Don't use them as an MTA RBL. I'm leery of even using
them as a SA RBL
connections.
This is a fundamental flaw in your architecture. Until you fix this,
you'll get FPs with almost all of the best RBLs that other mail
providers use on large networks every day with virtually zero FPs. The
problem is your configuration, not with the RBLs.
Rob McEwen
Skip wrote:
From
Better yet, avoid being a victim of dns hijacking by accessing SURBL
URIBL (and other dnsbls!) via RSYNC. If implemented correctly, this will
result in performance gains as well!
--Rob McEwen
off). Second, there are other techniques to catch
the balance besides bayes. For example, there might be some RBLs (and
URI blacklists) that you aren't using which may be helpful. Not all of
the good ones are included in the default setup for SA.
Rob McEwen
?
(Also, at one point, you mentioned SURBL... but that was a typo and you
are talking about URIBL, correct?)
Rob McEwen
helping ALL of our spam filters to be better via his efforts with SURBL
(and elsewhere).
DNSBL operators like Jeff (and others) are NOT the Energizer Bunny!
(BTW - really, more ISPs need to move to RSYNC... and we should ALL be
running local DNS caching servers)
Rob McEwen
DNSBLs are shady, I'm left feeling angry
and frustrated. Running a DNSBL is a risky, time-consuming, and costly
business (particularly if the DNSBL is of world-class quality.)
Rob McEwen
/months...
therefore, Zen is going to list many IPs that ivmSIP isn't even trying
to list. So ivmSIP is NOT trying to be a Zen replacment, but, instead,
more of a supplement.
Rob McEwen
reliable than DOB.
FOR EXAMPLE, SEE:
http://invaluement.com/results.txt
Unlike all of these other dnsbls I've mentioned, ivmURI does requires a
subscription for access. Contact me off-list for more details and for a
free trial.
Rob McEwen
[EMAIL PROTECTED]
catches
among the 1st tier extreme-low-FP lists.)
Rob McEwen
[EMAIL PROTECTED]
(and scored?) properly by your filter??
Those questions can't be answered without some examples.
Thanks!
Rob McEwen
[EMAIL PROTECTED]
are implemented correctly
and are scored such that either one alone scores high enough in your
system to outright block an incoming spam.
Rob McEwen
[EMAIL PROTECTED]
and this didn't change my conclusions.
--Rob McEwen
like you have some kind of DNS malfunction...or
SmarterMail malfunction.
Rob McEwen
[EMAIL PROTECTED]
on which
list I said that an IP was listed on)
Also, look in SmarterMail to see if there is a place where you can
specify the DNS server.
Rob McEwen
[EMAIL PROTECTED]
package).
Rob McEwen
? Is there some way to whitelist based on
something other than the From address?
Michael,
Try whitelisting the actual sending IPs of PayPal:
SEE:
http://www.senderbase.org/senderbase_queries/detaildomain?search_string=paypal.com
Rob McEwen
, right?
And can you give examples of IPs used to send official PayPal messages
that are not on that list I sent?
Rob McEwen
he has going with his HostKarma lists.
Sure, it is fun to make fun of Marc. But don't be fools yourselves and
miss out on a good thing! Some of his ideas that are lampooned really do
work.
Rob McEwen
at the time your spam arrived.
Any other IPs to check?
Rob McEwen
discouraging in the short term, but might give you the proper long-term
focus and patience you need to really pull this off.
Best wishes for your success in this endeavor!
Rob McEwen
(creator of the invaluement.com DNSBLs, ivmURI ivmSIP)
list (the same one that will be posted on my
web site soon).
Thanks for your interest!
Rob McEwen
now am not allowed to make the official
invaluement.com site launch announcement on the URIBL list? ...I hope
not... then again, we might all be old and gray by the time that happens :)
Rob McEwen
quite well in
head-to-head-to-head tests against SURBL and URIBL... even with it's
smaller footprint... and ivmURI is at least as good in the low-FPs
department.
But, like I said, ALL three lists are indispensable and block spam that
the other two miss.
Rob McEwen
on authenticated mail.
Otherwise, SMTP password-authenticated e-mail should almost always not
be filtered, or be minimally filtered.
Rob McEwen
numbers of spams
with less FPs.
Rob McEwen
dnsbl
implemenations./embarrassed
Rob McEwen
, when you said, too many false positives, are you referring
to FPs from *before* that transformation of SpamCop? Or, are these
*recent* FPs, spotted after that transformation?
(Also, I'm not trying to argue... just trying to learn... and seeking
clarity!)
Rob McEwen
/08/15/004348a.html
Rob McEwen
Could you give an example? Are these newly registered top level domains
spotted in the body of the spams?
Rob McEwen
Mailing Lists wrote:
I'm getting dozens of emails daily from a few different spammers. The emails
consistently are graphic based, but the graphics are html img refs
.
However, this time, I do think you've taken this DNS blacklist thing way too
far. You have to consider the consumers of the DNS list as well.
Overcomplicate this and few will ever get it to work effectively.
:)
Rob McEwen
PowerView Systems
[EMAIL PROTECTED]
seen many web sites that deliver content dynamically from a SQL database
backend where there were noticeably large delays between page loads, for
example.
Rob McEwen
PowerView Systems
[EMAIL PROTECTED]
... but, yes, SORBS is a bit more risky for FPs than the
others I've mentioned.
But I do use all of these as factors which I weight into the score.
(and I think that the warning from www.dnsstuff.com has more to do with
people outright blocking based ONLY on that one RBL's results)
--Rob McEwen
and not nearly as powerful as Palpatine... (at least not yet).
So be careful about anything the U.N. might come up with to rescue us!
Rob McEwen
PowerView Systems
66.135.215.231-240
216.113.168.128
216.113.168.139
216.113.184.201-203
216.113.188.96
216.113.188.112
216.113.188.202
But I make no guarantees about this list. Please correct me if there are any
errors or omissions. Use at your own risk.
Rob McEwen
PowerView Systems
The Twilight Zone...
Either
(1) I have gone insane
(2) GFI has made a critical error in the fundamentals of their architecture.
Please read that post above and let me know which is the case.
Thanks!
Rob McEwen
PowerView Systems
[EMAIL PROTECTED]
haven't created FPs (and so that I can deliver rare FPs in a timely
manner, as well as adjusting the filtering to prevent future FPs)
Hope this helps!
Rob McEwen
PowerView Systems
that changes that much minute to
minute.
There still remains the question about what **exactly** should the numerator
and the denominator be when calculating that percentage? Any ideas yet?
Rob McEwen
PowerView Systems
treating a yellow return code compared to a not found
return code?
Thanks!
Rob McEwen
PowerView Systems
[EMAIL PROTECTED]
who has lost his mind... So I
was hoping for to feedback to make sure that I'm not the one who is crazy
here!
Rob McEwen
of people use Outlook Express and it would be great to
have a SpamAssassin Coach for Outlook Express as well.
--Rob McEwen
if I'm wrong about any of this.
I hope this helps!
--Rob McEwen
Recommended Commercial DNS Services?
Im looking for suggestions for reliable outsourced
DNS services where the servers arent overloaded, the prices are
reasonable, and the service control panels are tops.
Any suggestions?
Rob McEwen
PowerView Systems
[EMAIL PROTECTED]
, has anyone ever seen ANY legit mail go to the highest MX record when
no mail server failure occurred?
Thanks!
Rob McEwen
PowerView Systems
[EMAIL PROTECTED]
(478) 475-9032
with the gov't), Venezuela, any African country who
changes gov't via coup every few years (which is just about all of them),
and ANY Muslim country where those who doesn't worship Allah are persecuted
(and this is the majority of them!).
Do you really want THEM in charge of the Internet?
Rob McEwen
.
--Rob McEwen
include spams sent to non-existent users (i.e. dictionary
attack spams)?
(2) Was pre-filtering done, such as collecting stats only on messages
which made it past zen.spamhaus.org (etc.)? Or was there no pre-filtering?
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475
fare VERY well either
way--so don't think I'm saying or implying ANYTHING bad about URIBL! (or
anything bad about ANY other list)
(fwiw)
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
DNSBLs come up as well that might
help you (at no cost!), too!
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
I think the problem is the following rule in sought:
body __SEEK_2TRLES /Facebook, Inc\. P\.O\. Box 10005, Palo Alto, CA 94303/
which is currently hitting on many (or maybe even all ALL?) legitimate
facebook notifications (along with the ones generated by spammers)
--
Rob McEwen
http
Benny Pedersen wrote:
On fre 20 aug 2010 19:42:04 CEST, Rob McEwen wrote
body __SEEK_2TRLES /Facebook, Inc\. P\.O\. Box 10005, Palo Alto, CA
94303/
which is currently hitting on many (or maybe even all ALL?) legitimate
facebook notifications (along with the ones generated by spammers)
dkim
DNSBLs that this mail system uses are
not going to show up on that list at all, even if very good blacklists,
like Zen--due to those DNSBLs already being used for outright blocking
on that mail server where these spams were missed. That is the reason
some lists are missing or under-represented.
--
Rob
really mean a Joe Job--where
a spammer is forging your users' e-mail addresses as the from address
in their spams, correct? If yes, a strict SPF record can get the spammer
to back of and go elsewhere. If something else, this might not help you?
--
Rob McEwen
http://dnsbl.invaluement.com/
r
is your friend. Otherwise, it is more trouble than
its worth, imo.
Because many feel this way, I suspect that this may be the reason why
the lastest and greatest SPF support probably wasn' a huge priority for SA?
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
. (referring to legitimate situations here, not spam)
But the sending server couldn't possibly be sending from an IP that
the mail admin could have anticipated when setting up the SPF record.
...I'm sure there are others I haven't thought about!
--
Rob McEwen
http://dnsbl.invaluement.com/
r
the
original poster's intention of using this on the envelop from
minimizes that problem?)
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
as absolute standards for IPv6... I
haven't kept up with all the RFC for IPv6!)
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
, and without missiles.. and just depend on the foot
soldiers and tanks to do *all* the work. But is that wise? Does that
happen without a steep price?
We have a chance to impose some strict standards for mail sending on
IPv6 that will lessen these problems. Why wait until its too late?
--
Rob
. No need to give me any credit. I doubt that I'm the
first to things of these things anyways!
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
IPs (one-ip-per-spam)
...with that IP never to be heard from again)? (and with little or zero
collateral damage?)
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
$$/message.
Otherwise, you'd have to convince the CEO of Comcast to increase their
IT budget by 100x... and that would cut into profits... and he'd be
fired by the board for that. (to give just one example)
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
into this master IPv6 sender's list (as a means to
keep the volume further under control.)
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
On 12/30/2010 2:28 PM, David F. Skoll wrote:
I in no way implied that we should abandon
IP address lookups in favour of only content-scanning
Thanks for the clarification!
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
John Levine said:
Rob McEwen said:
To be extra clear, the kind of sender's list I was talking about
wouldn't be the same as a yellowlist because it would ALL types of IPs
(black, white, yellow). Except everyone... including spammers... would
have to jump through some hoops to get a single IP
sender's dream and a
DNSBL's nightmare. My proposed solution is the opposite.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
realistic, the status quo is already not
realistic, even with the good ideas that you proposed, which did improve
on this problems in _some_ aspects.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
IPs.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
(and set
spam filtering years back) in the meantime.
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
it to the inbox INCREASED
substantially!!! Something would then VERY wrong with our measurements
of success!
--
Rob McEwen
http://dnsbl.invaluement.com/
r...@invaluement.com
+1 (478) 475-9032
On 1/4/2011 11:14 AM, David F. Skoll wrote:
On Tue, 04 Jan 2011 11:01:52 -0500
Rob McEwen r...@invaluement.com wrote
I've thought this through and... best case scenario is that spammers
then get 5+ years of play time because it will take at least that time
for those other techniques to catch
1 - 100 of 361 matches
Mail list logo