Quoting Rob McEwen <r...@invaluement.com>:
On 6/10/2014 10:21 AM, Axb wrote:
All URI BLs I know of (SURBL/URIBL/DBL/Invaluement/etc) check & track
domain reputation otherwise they'd be unusable.
Their listings are not blind - they all have their secret sauce to
process before listing a domain.
Absolutely. As Axb and KAM and others stated, a very young domain age is
too dangerous to outright block or score high on... but might be a good
factor or good for combining with other rules.
Also, if anyone does see spam that contain domains in the clickable
links where that spam should have been blocked, but was not... then
check the domain contained within the spam again the lookup found at
http://multirbl.valli.org and/or http://mxtoolbox.com/blacklists.aspx
(some months ago, MX Toolbox upgraded their system to check domains
against URI/domain blacklists. In some cases, this could have been a
game of inches where your user caught the "tip of the spear" and
received the very first spams in a spam campaign that otherwise was
quickly listed by the well known URI BLs. However, you may find that one
or two good URI BLs are simply not implemented in your system--where
that would have made all the difference! Those lookup forms will point
you in the right direction.
The same can also be true for checking sending IPs--then reviewing your
current mix of sender's IP dnsbls (aka RBLs).
Of course, don't fall into the trap of using a BL that catches much, but
has too many FPs. But the list of URI BLs that Axb gave above are all
extremely low-FP URI blacklists.
In my case, Yes, I am using all the above and more.
I had a user that normally never gets spam, started receiving around
20 per day, that where not marked.
I found that around 18per day of these where from a new domain. These
did appear on multirbl.valli.org lists, like invaluement, and uribl
after a day or two. I hadn't seen them hit dbl or surbl though.
This is what caused me to seriously look into if this method was
useful, just greylisting the email for a day, would cause a huge
benifit, for new domains, without causing an extreem backlash.
There are all kinds of way to use the infomation. I just don't
understand why people are so against it, cause it's not 100% foolproof.
Nothing about marking spam is 100% foolproof.
