On 08/07/03 at 20:47 -0400, Paul Hess opined:

> I use a slew of RBL's that I've added over time without really
> assessing them. I just decided to see how they're doing so I took a
> log file and massaged the data a bit with BBEdit and Excel.  Below is
> a list of how many SPAMS were blocked by each RBL.  Any comments or
> thoughts are welcome.

Just my opinion, but I think there are too many factors unaccounted for in
this analysis for it to really be useful.

> My own thoughts:  The results are skewed based on the sequence,
> because if a spam is caught by one RBL then another RBL does not have
> the opportunity to catch it.

That's an important point.

> I've listed it in the order that they appear in my RBL list.  So for
> instance spamcop is probably pretty impressive because it caught 158
> spams above and beyond what all the others caught.  Conversely ordb
> is pretty disappointing because it had first crack at all the spams
> and missed most of them.

Don't forget that ORDB lists open relays only. Other lists in your set use
different criteria, so you're comparing apples to oranges. That said, ORDB
does seem a bit less effective for me now than when I first started using
it.

> I'm disappointed in the country specific ones but that might be
> because I have a huge explicit blacklist that probably already covers
> most of those addresses.  I also catch a huge number of spams with
> spamtraps and my custom blacklist so that skews the results.

Since adding the country specific lists to my own RBL list, I've removed
the corresponding entries from my internal blacklist, both to reduce the
size of my blacklist and because it means that I can let someone else
maintain those lists. I log plenty of rejections based on them.

> Based on this I'll probably dump ordb, blitzed, and some of the
> country specific RBL's.

Blitzed has been quite effective for me. Your result could be because it's
the last entry in your list, after at least one other RBL that lists open
proxies (relays.osirusoft.com). Also, make sure that you've got the right
address range for it in your internal blacklist. It's 127.1.0.1-32, not
127.0.0.2-255.

You might try switching the order of SPEWS and SBL and see how they
compare. SPEWS is one of the worst offenders when it comes to arbitrarily
assigning guilt by association and blacklisting huge blocks in order to
catch a handful of hosts that are actually engaged in spamming. If you can
see your way clear to not using it, you'll probably significantly reduce
your risk of false positives. Don't forget to adjust your internal
blacklist to ignore SPEWS responses from Osirusoft. A similar comment goes
for Spamcop.

>  53 relays.ordb.org
> 628 Spews.relays.OsiruSoft.com
> 142 sbl.spamhaus.org
> 483 relays.osirusoft.com
> 451 list.dsbl.org
>  31 korea.services.net
> 158 bl.spamcop.net
>   8 brazil.blackholes.us
>   3 thailand.blackholes.us
>   8 china.blackholes.us
>   0 opm.blitzed.org

-- 
                   Christopher Bort | [EMAIL PROTECTED]
            Webmaster, Global Homes | [EMAIL PROTECTED]
                      <http://www.globalhomes.com/>
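
The ordering effect discussed in this thread, as an added example that is not part of the original message: the per-message match sets are constructed rather than taken from the posted log, and the function names are illustrative. It compares the first-match credit a sequential check records under two orderings with order-independent total and unique hit counts.

```python
# Constructed sample: for each rejected message, the set of lists that would
# have matched the sending IP if every list had been queried.
SAMPLE_HITS = [
    {"relays.ordb.org", "relays.osirusoft.com"},
    {"relays.osirusoft.com", "opm.blitzed.org"},
    {"relays.osirusoft.com", "opm.blitzed.org"},
    {"list.dsbl.org", "opm.blitzed.org"},
    {"sbl.spamhaus.org", "bl.spamcop.net"},
    {"bl.spamcop.net"},
    {"relays.osirusoft.com"},
]

ORDER_A = ["relays.ordb.org", "sbl.spamhaus.org", "relays.osirusoft.com",
           "list.dsbl.org", "bl.spamcop.net", "opm.blitzed.org"]
# Same lists with opm.blitzed.org moved from last to first.
ORDER_B = ["opm.blitzed.org"] + ORDER_A[:-1]


def first_match_counts(hits, order):
    """Credit each message to the first list in `order` that matches it,
    which is all that a log of sequential RBL checks can show."""
    counts = {name: 0 for name in order}
    for matched in hits:
        for name in order:
            if name in matched:
                counts[name] += 1
                break
    return counts


def total_counts(hits, order):
    """Messages each list matches when queried regardless of position."""
    return {name: sum(name in m for m in hits) for name in order}


def unique_counts(hits, order):
    """Messages that only this list matched: what is lost if it is dropped."""
    return {name: sum(m == {name} for m in hits) for name in order}


if __name__ == "__main__":
    a = first_match_counts(SAMPLE_HITS, ORDER_A)
    b = first_match_counts(SAMPLE_HITS, ORDER_B)
    tot = total_counts(SAMPLE_HITS, ORDER_A)
    uniq = unique_counts(SAMPLE_HITS, ORDER_A)
    print(f"{'list':24}{'first(A)':>9}{'first(B)':>9}{'total':>7}{'unique':>7}")
    for name in ORDER_A:
        print(f"{name:24}{a[name]:>9}{b[name]:>9}{tot[name]:>7}{uniq[name]:>7}")
```
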
