Re: Which Spam Block List to use for a network?

To: "Francisco Borges" <frandebo@latt.if.usp.br>, "Debian User" <debian-user@lists.debian.org>
Cc: <debian-isp@lists.debian.org>
Subject: Re: Which Spam Block List to use for a network?
From: "Jason Lim" <maillist@jasonlim.com>
Date: Sat, 19 Jun 2004 00:29:39 +0800
Message-id: <[🔎] 137a01c45551$75d45c60$ce00a8c0@SYSTEM9>
Reply-to: "Jason Lim" <maillist@jasonlim.com>
References: <[🔎] 20040618142958.GA19680@let.rug.nl>

> I've used (through notespam) for my own private email, the following
> lists:
> Visi (relays.visi.com);
> ORDB (relays.ordb.org);
> SpamCop (bl.spamcop.net);
> dorkslayers (orbs.dorkslayers.com).

Pretty good list... ecept for dorkslayers.

In general, for an ISP or hosting provider (or anyone who handles large
volumes of email) you should NOT go with the controversial lists on a
global scale, or ones where it is impossible to get out of. The reason
being that you want to minimize false positives, even if this means a few
extra spams get through. You cannot afford to have a CEO's email
"mistakenly" blocked as spam.

The best way to do this is to go with most of the "open relay" and "open
proxy" lists.

So that would be visi and ordb (you already got those) PLUS
opm.blitzed.org and xbl.spamhaus.org. These two are also open proxy lists,
although opm and xbl I think have the same content (so check to make sure,
so you don't do double queries and waste bandwidth and others resources).

> SpamCop works fine for my own email, where most people are whitelisted,
> but is said [1] not to be suitable for a production environment and what
> we have here is precisely that...
>
> [1]:http://www.spamcop.net/bl.shtml

Spamcop is okay... it has some "controversial" blocks such as
Internetseer. I never asked for their email, but they got it somehow...
well, anyway, some say they are hardcore spammers, some not. But Spamcop
in general gets most of the US spam. However, it doesn't seem to catch
much Korean/China spam... so YMMV.

> Since I've only used this sort of thing at "personal email level" I'm
> wondering if anyone here could provide me with information over which
> would be a responsible and unbiased [*] Block List for an
> *international* production environment.

> [*]: Several "Block Lists" seem to be highly biased, if not prejudiced,
> in the sense that they will easily block huge chunks of IP space from
> some countries but will hardly do so for ISPs within other countries.

Certainly avoid ALL country block lists, and block lists that include
large chunks of IPs. This may include SPEWS and SBL. They are okay in a
weighting system (such as with Spamassassin) but not good if you're using
them to block outright (especially Spews and false positives). SBL is
better than Spews, although less aggressive.

Better to do the open relays and proxy blocking at the server level, and
let people block the rest (eg. block all China, block all Asia, block all
Europe, Spews, etc.) in a client/personal level. That is the best solution
we have found.

You can also find a very good list of RBL Spam lists at:
http://www.declude.com/Articles.asp?ID=97

and it even has warnings and brief descriptions. I find it very useful to
keep updated on whats new and whats good.

Hope this helps!

Jas

Reply to:

References:
- Which Spam Block List to use for a network?
  - From: Francisco Borges <frandebo@latt.if.usp.br>

Prev by Date: Legal English online seminar
Next by Date: Re: WINNING NOTIFICATION [SCANNED]
Previous by thread: Re: Which Spam Block List to use for a network?
Next by thread: Re: Which Spam Block List to use for a network?
Index(es):
- Date
- Thread