> From: Kai Schaetzl [mailto:[EMAIL PROTECTED] > If you want to be safe, then use rbl+xbl.Spamhaus only. It is > safe *and* effective. If you add any other you risk getting > false positives. That is in the nature of RBLs and there is > no reason to complain about that fact or any of these RBLs.
You RISK getting false positives with ANY RBL -- while I generally agree about rbl-xbl, they are quite good for me, they both on rare occasions give me false positives. If you get enough email, virtually any RBL will give a false positive sooner or later. Of course if the context is scoring in SA they are among the best choices. If you use Greylisting which offers virtually zero false positives IN CONJUNCTION with quality RBLs like Spamhaus rbl+xbl then you can eliminate false positives and still benefit from blocking on such RBLs -- even less reliable RBLs will work for this. Roughly 90% of those items greylisted will never return. And you will lose nothing (*Note: "nothing" cannot be guaranteed even here, but in practice it is true.) We never reject on a single criteria except obvious things like using our server name or IP in the HELO, or a HELO that claims to be from a known ISP but is an obvious lie on reverse lookup, or things like bad recipients/attempts to relay. Most everything else is used to drive greylisting -- even SpamAssassin-likely-Spam-scores drive greylisting (if the mail has not been previously greylisted). We use several RBLs (in Exim) this way too -- to drive greylisting or in combination with other checks. Then we use RBLs with SpamAssassin to adjust the SA scores for mail that does get through. Result: Drastic reduction in mail needing review, no false positive drops (and practically none in spam catch folders), and practically all spam caught. Greylisting is cool. Combined with things like RBLs and other "spammy suspicious" checks it is nothing but a big win. -- Herb Martin
