Anyone using zen.spamhaus.org?

Dennis Willson taz at taz-mania.com
Wed Sep 6 07:47:00 IST 2006 

Res wrote:
> On Tue, 5 Sep 2006, Logan Shaw wrote:
>
>> Whether it defeats the purpose depends on what the purpose is.
>
> The purpose is made up of and in the order of...
>
> Protecting users as much as possible from privacy invaders
> Lessen the load as much as possible on the SMTP servers
> Bandwith usage/costs
>
> Why should anyone go out and spend say 10K on another basic server to 
> handle the extra load? nobody can ever tell me why I should do that,
> its always "get more or better hardware so S.A can work better" er no 
> sorry, ill reduce the loading on the existing gear by preventing their 
> trash from even trying to occupy any more of my resources.
>
>> and bandwidth) available have versus the consequences of knowing
>> that you've discarded/refused when you've had false positives.
>
> I've not yet once in all the years of use of RBL's, like back to when 
> maps was the in and only thing (and free) ever seen an IP wrongfully 
> blocked.
Well I've been using RBLs for just as long and they have errors all the 
time. I depends on the RBL and how they get their listings as to how 
accurate they are. Recently I had problems with SpamCop listing yahoo 
groups servers and my users yelled about that...

> If that scumbag shares a colo with 999 other hosts who are doing 
> nothing wrong, it is up to the admins of the zone to get off their 
> lazy useless asses and deal with the problem makers, most times (but 
> admittedly not all)
> an IP only gets in a list because system admins ignore complaints and 
> fail to deal with them for fear of losing that customer, their actions 
> of ignoring it, now places them at risk of instead of losing the 1 
> idiot, they risk losing the other 999 innocent parties whos mail is 
> blocked instead.
>
> I also operate in similar way with the sendmail and qmail access 
> files, if we complain about spammers and a network fails to act after 
> multiple complaints then ill take them out. For instance, I currently 
> have
> RHS blocking on  telusplanet.net, comcast.net and hinet.net, 3 i 
> gather very large international ISP's. They prolly care about this as 
> much as i do now but at least my users wont see much if any of their 
> trash :)
This is a poor way block Spam. Since most Spammers use spoofed email 
addresses including using valid user addresses who had nothing to do 
with the Spam (usually by picking an address from their sending list and 
use that as the From: address), so while it may block some Spam, it also 
blocks many many users that had nothing to do with sending Spam. 
Comcast.net itself does not send Spam, while some Spam comes from email 
addresses that say they're from comcast.net, this is generally due to 
spoofing. I have also tracked lots IP addresses of originating hosts to 
be on the comcast network... They were not from the comcast owned mail 
servers and the From: email address was not using the comcast.net domain 
so blocking the comcast.net domain doesn't really block Spam from 
comcast.net customers. At least this is where RBLs do a better job as 
they block based on the IP address of the server not the email address 
of the spoofed sender.

It would be nice if comcast used SPF to make it easier to verify spoofed 
email addresses....

Actually I get the best results from Greet Pause, Sender Address 
Verification and Greylisting. I do a number of other things at the SMTP 
level as well, then follow it up with SpamAssasin/MailScanner to catch 
the remaining Spam.
>
>

More information about the MailScanner mailing list