North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: SPAM Prevention/Blacklists

  • From: Patrick W.Gilmore
  • Date: Wed Mar 03 18:43:57 2004 
On Mar 3, 2004, at 6:00 PM, Richard Welty wrote:
Of the ones above, I only use spamhaus, combined with opm.blitzed.org &
relays.visi.com
i use the same ones as Patrick, but i also use the cbl (a component of the
spamhaus xbl, perhaps the only one at the present time, but that could change.)
Mind if I ask why you don't use the sbl-xbl?

BTW: I also use haebeas & bogons, but not really sure you would call haebeas a blacklist. :)


one thing i do is use opm.blitzed.org and cbl.abuseat.org at connect time.
hosts on these lists are pretty much guaranteed to be open proxies or
compromised hosts, so listening to them at all is a waste of time. no need
to wait until after RCPT TO: to 5xx, i just drop the connection.
I love opm.blitzed. I haven't tried cbl.abuseat.org. I'll have to check it out.


Also, I like sender verification, but that's me.
i used it for some time, and reluctantly shut it down. blocked a lot of email
abuse, but too many false positives for my taste.
Could you go into more detail?

I've only been using it a couple months, but I have a whole 1 false positive, and I'm not sure I'd call it a false positive. (Web page which sent e-mail and allowed anything in "from" address, but was password protected internal thing, so they were not doing sanity checking thinking it was guaranteed good e-mail.)

Maybe I have others I just don't know about? How many people send legit e-mail with return addresses which are bogus?

--
TTFN,
patrick

P.S. Disclaimer: I'm authoritative for the spam BLs I use.