Hello Jeff, Monday, March 7, 2005, 3:17:49 AM, you wrote:
JC> On Sunday, March 6, 2005, 7:04:19 PM, Robert Menschel wrote: >> I've been using William Stearns' compiled blacklist available at >> http://www.stearns.org/sa-blacklist/sa-blacklist.current.cf and have >> contributed to it from time to time. JC> If you're able to use network tests, using ws.surbl.org instead JC> of sa-blacklist will do the same thing with much less JC> SpamAssassin memory overhead. Many SA administrators have JC> stopped using large static URI domain rulesets like sa-blacklist JC> and bigevil.cf in favor of SURBLs and they report good results. Jeff -- wrong ruleset. I'm not talking about the URI blacklist.cf, but rather the blacklist_from ruleset. SURBL is what I use to detect that an email points to a spammer's web site. blacklist.cf is what I use to detect that an email comes from a spammer. Likewise, whitelist_from_rcvd does not reference URIs within an email, but instead checks the first link outside the receiving network, and if the From header (for simplicity) matches the source of that received header (the one our network can recognize reliably), and if so, we are then able to deduce that the From header is not forged, and can whitelist the email. Bob Menschel
