At 07:46 AM 3/10/2004, Bob George wrote:
I am surprised that NONE seem to be scoring in the HABEAS_VIOLATOR network tests. Aren't these included as part of the network tests by default, or is there something I need to enable?

AFAIK they are included by default, but the source of HABEAS_VIOLATOR is an IP-based blacklist. At the time Habeas was designed, most spam was coming through open relays/proxies or directly from the spammer's IP range. The rise of virus-infected zombie relays, however, has made IP-based blacklists useless against spammers that use them.


The next step that's needed is a URI-based list of infringers, which is what I do locally. Back during the first attack, and again yesterday, I looked for the websites being advertised, created a URI rule, then created my own HABEAS_VIOLATOR_LOCAL meta-rule to counteract the score. It takes all of three minutes to set up.

Sure, that won't scale if the abuse increases, but neither will most anti-spam solutions. We just have to keep layering them on top of each other. Relay limits + IP blacklists + domain blacklists + domain validation + HELO validation + content filtering + hash comparison + sender verification - it just goes on and on.


Kelson Vibber
SpeedGate Communications <www.speed.net>
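
A sketch of the local setup described in the message above, added here as an illustration and not the poster's actual rules. The stock rule name HABEAS_SWE, the sub-rule name, the placeholder domain and the score value are assumptions; only HABEAS_VIOLATOR_LOCAL comes from the message.

```conf
# local.cf -- added illustration, not the poster's actual rules.
# Assumption: the stock rule that credits the Habeas headers is HABEAS_SWE
# (its name in SpamAssassin 2.6x); check the rule files of your version.

# Sub-rule: matches the site advertised in the abusing messages.
# The leading "__" keeps it from contributing a score on its own.
# spamvertised.example is a constructed placeholder domain.
uri       __LOCAL_HABEAS_ABUSE_URI  /^https?:\/\/(?:[a-z0-9-]+\.)*spamvertised\.example(?:[\/:?]|$)/i

# Meta-rule: fires only when the message carries the Habeas mark AND
# links to a locally listed site, so legitimate Habeas senders are unaffected.
meta      HABEAS_VIOLATOR_LOCAL     (HABEAS_SWE && __LOCAL_HABEAS_ABUSE_URI)
describe  HABEAS_VIOLATOR_LOCAL     Habeas mark plus locally listed advertised URI

# Assumed value: set it to at least cancel the bonus your install gives HABEAS_SWE.
score     HABEAS_VIOLATOR_LOCAL     8.0
```

Run `spamassassin --lint` after editing to catch syntax errors before the rules go live.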


