On 07.10.07 05:55, Dan Mahoney, System Admin wrote:
>My problem is: blocklists come and go, and some blocklists, when they
>"go", do things like "hang up because they're being flooded, thus slowing
>my mail processes" or "flag all mail as spam" or "hand out stale data
that
>hasn't changed at all in months/years".
Dan,
Of all your worries, "flag all mail as spam" is by far the absolute
worst. But even that is very rare and, when it does happen, typically,
the blacklist had already been discontinued for months or years.
Nevertheless, the ONLY reason I've seen the "flag all mail as spam"
tactic used is to reduce the load on a DNS server or some other kind of
server where the owner of that domain seeks relief from the onslaught of
continued queries long past the life of the dnsbl.
But this "worst case" scenario will never occur with these two
blacklists that I referred to because both of them distribute their data
via RSYNC... so there really isn't any server to protect from direct
queries that happen years/months after the list is discontinued.
Your concern about "hang up because they're being flooded, thus slowing
my mail processes" is also not valid because when using RSYNC, **you**
are the one serving this data to your spam filtering... so you aren't
dependent on the speed or reliability of a 3rd party DNS server
interacting in real time with your spam filter (or lack thereof). In
fact, I pursue RSYNC whenever possible because I can't stand the idea of
my spam filtering being depending on the speed/reliability of
overburdened 3rd party DNS servers! (sure, I use local DNS caching...
and that helps... but some lookups are not going to be in the cache yet.)
Therefore, about the only concern that is left is (a) stale data from an
abandoned dnsbl... which is possible from an RSYNC-accessed list... as
what seems to have happened with tqmcube.com recently??, or (b) the
list's RSYNC server gets overloaded.
But, really, at some point, EVERYTHING in your life involves risk. You
take a risk every time you drive your care that someone heavily drunk is
going to swerve across the double line and hit you head-on. And I don't
think ANY spam filtering tactic is guaranteed to be "set it and forget
it" year after year after year. They all require some amount of
monitoring... if only, at the least, to ensure that some kind of
misconfiguration hasn't occurred on the consumer of the blacklist's end.
So the question is... are the benefits worth the risk? And what are the
probabilities involved?
In the case of "psbl", their FP rate has gotten really low in recent
months and they catch much spam that others miss and they've been around
for many years... demonstrating a pattern of reliability.
ivmSIP.com also catches much spam with an extremely low FP rate... and
ivmSIP is the "new kid on the block"... but I've found that a common
thread of many of the "dead RBLs" is that they were run on a volunteer
basis and the volunteer simply burned out and quit. This won't happen
with ivmSIP.com because ivmSIP will soon become a subscription-based RBL
where there is an economic incentive for the list to stay current and
for the paying subscribers to be satisfied with the service... something
these other "dead RBLs" were lacking! This will also prevent ivmSIP's
RSYNC server from getting overloaded or from having to limit
subscriber's data update frequency, as many others lists are forced to
do to keep their RSYNC servers from getting overloaded from TONS of
"free subscribers".
Therefore, I recommend that you re-think your choices here! Don't let
your quest for "guaranteed long-term perfection" keep you from making
**substantial** progress today!
Rob McEwen
