O.T. milter-link - reject phishing & spam

Stephen Swaney steve.swaney at fsl.com
Thu Jun 29 02:16:51 IST 2006 

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
> bounces at lists.mailscanner.info] On Behalf Of Ken A
> Sent: Wednesday, June 28, 2006 8:03 PM
> To: MailScanner discussion
> Subject: Re: O.T. milter-link - reject phishing & spam
> 
> 
> 
> Ken A wrote:
> >
> >
> > Steve Freegard wrote:
> >> Hi Ken,
> >>
> >> Ken A wrote:
> >>> Is the URIBL in your graph just a generic term here, or are you using
> >>> milter-link with URIBL rather than SURBL, or both? I was just testing
> >>> using SURBL, but might drop a couple more in and see how it goes...
> >>
> >> It's a generic term -- I use all three URI lists (in the following
> >> order):
> >>
> >> sbl-xbl.spamhaus.org
> >> multi.surbl.org
> >> black.uribl.com
> >>
> >> The spamhaus test is slightly different from the other two lists -- it
> >> lists the IP addresses of spamvertised web servers and seems to work
> >> the best of all three lists.
> >
> > Seems like that could be risky when considering a shared hosting
> > environment, where there are hundreds of sites on a single IP. Wouldn't
> > you be punishing them all?
> 
> for example..
> 
> # host humboldt.edu
> humboldt.edu has address 137.150.145.17
> # host 17.145.150.137.sbl-xbl.spamhaus.org
> 17.145.150.137.sbl-xbl.spamhaus.org has address 127.0.0.4
> 
> That's Humboldt State University in Northern California.
> I wonder if they host student sites, or have an open relay script..
> :-(
> 
> Another one..
> #host alumni.net
> alumni.net has address 66.240.255.123
> # host 123.255.240.66.sbl-xbl.spamhaus.org
> 123.255.240.66.sbl-xbl.spamhaus.org has address 127.0.0.4
> 
> This is a alumni networking site claiming 4 million members..
> They aren't on any other lists, probably another site on the same ip is
> being exploited to send spam. I think maybe just the sbl might be safer,
> at least for an ISP environment.
> 
> Thanks,
> Ken A.
> Pacific.Net

Ken,

I don't dispute your analysis or data but our service bureau scanners and
all of our client's (Mostly UK, EU and US sites) have been blocking at the
MTA level on sbl-xbl.spamhaus.org since it came into being. Maybe it's just
luck but we've never had a single complaint of blocked email from a client
or user that had email blocked because of an sbl-xbl.spamhaus.org listing.

Many of our ISP and ASP clients would be unable to process the email they
receive if they didn't block or drop on sbl-xbl.spamhaus.org at the MTA
level. We are seeing some of our IPS client sites where the attempted spam /
junk delivery rate is 95% of all incoming email. They have just got to block
as much as possible at the MTA level or they are out of business! 

My hats off to the people who maintain the sbl-xbl.spamhaus.org list. We
should all tip our hats and support as best we can all of the good folks who
create and maintain all of the lists and tools we use every day to stop
#@!&*@#$! spam, viruses, phishing attacks, etc., etc.

These are the people who are really keeping the Internet up, running and
open for business. 

Just my 2p / 2c

Steve

Stephen Swaney
Fort Systems Ltd.
stephen.swaney at fsl.com
www.fsl.com

More information about the MailScanner mailing list