Re: SPAM fiiltering
On Sat, Nov 02, 2002 at 04:07:28AM -0800, Paul Johnson wrote:
> On Sat, Nov 02, 2002 at 11:51:50AM +0000, Colin Watson wrote:
> > Paul Johnson wrote:
> > > Spamcop email address. If the number of messages reported by humans
> > > as spam via Spamcop exceeds 2%, that IP gets blacklisted for 7 days,
> > > the spam percentage goes back below 2%, or until the ISP notifies SC
> > > that it's fixed. SC seems to be the most effective, with nearly
> > > surgical precision.
> > So that would be why they blacklisted master.debian.org a while back?
> Yup. Spam was sent through on a mailing list, so when it checked the
> headers, it came back to m.d.o, among other places. It also found the
> originating source of the spam.
> I believe someone in charge of the server was notified automatically
> by Spamcop of the mailing list rape, and given a login they could use
> to choose how Spamcop handles the incident and, to a lesser extent,
> how to handle situations in the future for m.d.o. Had this person
> been paying attention, they could have flagged m.d.o as an Innocent
> Bystander and it would have been removed sooner than m.d.o going back
> down below 2% two days after.
Nevertheless, it rather reduces my faith in their "surgical precision".
> Ironically, the source of the spam, which Spamcop also detected, was
> already listed in the Spamcop BL. Had m.d.o been using it as a
> droplist, the BL would have provided warning not to talk to the
> spamming box.
That's a null argument, and would apply to pretty much any RBL
regardless of their accuracy.
Colin Watson [email@example.com]