Re: Other DNSBL's
I'm looking to add other DNSBL's to tomorrow's weekly mass check. I realize most of them probably are too broken to bother, but it would be nice to get some real numbers to confirm it so since the Internet lacks any real DNSBL comparisons that include Ham FP safety. If you are looking for real numbers, this should be helpful for you: Blacklists Compared - weekly reports of DNS blacklists lookups http://www.sdsc.edu/~jeff/spam/cbc.html Blacklist Monitor - accuracy and inaccuracy rates of various blacklists http://www.intra2net.com/en/support/antispam/ Please pay attention that some blacklists do only list IP addresses for hours. When running the mass check you need realtime data to get reliable results. -- Bjoern Sikora
Re: Other DNSBL's
(back from vacation ;) BTW, could you add tflags nopublish to any rules? or use a T_ prefix on the rule names. that will ensure the testing rules won't get into any published ruleset accidentally. this is very important to avoid accidentally causing a production-level DOS on the BL's servers --j. On Fri, Oct 16, 2009 at 14:41, Warren Togami wtog...@redhat.com wrote: I'm looking to add other DNSBL's to tomorrow's weekly mass check. I realize most of them probably are too broken to bother, but it would be nice to get some real numbers to confirm it so since the Internet lacks any real DNSBL comparisons that include Ham FP safety. http://antispam.imp.ch/06-dnsbl.html This one seems to have 3% of the hits compared to PSBL, so I am not bothering to test it in masscheck. http://bl.csma.biz/ It seems that this blacklist is simply dead. Zero hits on their SBL list within the last day. Any other DNSBL's out there that you folks use that are worth comparing? Warren Togami wtog...@redhat.com -- --j.
Re: Other DNSBL's
Replying to a private post in public because the results are important. On 10/16/2009 10:22 AM, Anonymous wrote: http://www.lashback.com/support/UnsubscribeBlacklistSupport.aspx It seems to hit a lot, but I don't have a good feel for how reliable it is. http://ruleqa.spamassassin.org/20091017-r826198-n/T_RCVD_IN_UBL/detail Tested the Lashback UBL in the Saturday masscheck. 7.9% of spam and 2.3% ham! This blacklist in its current form is dangerous and should not be used. Warren Togami wtog...@redhat.com
Other DNSBL's
I'm looking to add other DNSBL's to tomorrow's weekly mass check. I realize most of them probably are too broken to bother, but it would be nice to get some real numbers to confirm it so since the Internet lacks any real DNSBL comparisons that include Ham FP safety. http://antispam.imp.ch/06-dnsbl.html This one seems to have 3% of the hits compared to PSBL, so I am not bothering to test it in masscheck. http://bl.csma.biz/ It seems that this blacklist is simply dead. Zero hits on their SBL list within the last day. Any other DNSBL's out there that you folks use that are worth comparing? Warren Togami wtog...@redhat.com
Re: Other DNSBL's
On Fri, Oct 16, 2009 at 09:41:57AM -0400, Warren Togami wrote: I'm looking to add other DNSBL's to tomorrow's weekly mass check. I realize most of them probably are too broken to bother, but it would be nice to get some real numbers to confirm it so since the Internet lacks any real DNSBL comparisons that include Ham FP safety. http://antispam.imp.ch/06-dnsbl.html This one seems to have 3% of the hits compared to PSBL, so I am not bothering to test it in masscheck. http://bl.csma.biz/ It seems that this blacklist is simply dead. Zero hits on their SBL list within the last day. Any other DNSBL's out there that you folks use that are worth comparing? Not that it isn't a worthy cause, but you can't just start adding arbitrary unknown lists to mass checks. Some of them might crumble from the sudden mass check flood. IMO a centralized rsync datasource for all the mass checked BLs would be nice. Wonder if someone had the connections to pull it off? It would save resources from all and speed up the checks. Spamhaus etc would only need to donate the data once a week.
RE: Other DNSBL's
Any other DNSBL's out there that you folks use that are worth comparing? Warren Togami wtog...@redhat.com Warren, ask michael scheidell... he has a list for you that is 100% effective... :-) - rh
Re: Other DNSBL's
ask michael scheidell... he has a list for you that is 100% effective... yeah, like that same joke that grandpa keeps telling over and over.. the first time it was a little bit funny... but now it is annoying, particularly the way he is the only one in the room laughing each time. -- Rob McEwen http://dnsbl.invaluement.com/ r...@invaluement.com +1 (478) 475-9032
Re: Other DNSBL's
R-Elists wrote: Warren, ask michael scheidell... he has a list for you that is 100% effective... seriously, google for 'blocked.secnap.net' give it a try, any ip address that you ever even got one spam on is listed. (note, if you use this list on a production system it will block legit email) -- Michael Scheidell, CTO Phone: 561-999-5000, x 1259 *| *SECNAP Network Security Corporation * Certified SNORT Integrator * 2008-9 Hot Company Award Winner, World Executive Alliance * Five-Star Partner Program 2009, VARBusiness * Best Anti-Spam Product 2008, Network Products Guide * King of Spam Filters, SC Magazine 2008 _ This email has been scanned and certified safe by SpammerTrap(r). For Information please see http://www.spammertrap.com _
Re: Other DNSBL's
Warren Togami wrote: I'm looking to add other DNSBL's to tomorrow's weekly mass check. I realize most of them probably are too broken to bother, but it would be nice to get some real numbers to confirm it so since the Internet lacks any real DNSBL comparisons that include Ham FP safety. http://www.dnsbl.com/ has some test results which aren't bad, though his ham corpus does include some legitimate commercial email (which I know some folks on this list would claim could never, ever, ever, ever not be spam.) -- J.D. Falk Return Path Inc http://www.returnpath.net/
Re: Other DNSBL's
Henrik K schrieb: IMO a centralized rsync datasource for all the mass checked BLs would be nice. Wonder if someone had the connections to pull it off? It would save resources from all and speed up the checks. Spamhaus etc would only need to donate the data once a week. We don't see any particular impact from SA masschecks in the dnswl.org logs. FWIW, dnswl.org data is available via rsync for free to all interested parties in a number of formats. -- Matthias