Deb
01-27-2005, 12:44 PM
:blowhorn: May as well go back to this thread http://aota.net/forums/showthread.php?t=18735 as it is still the most accurate for current events.
---------- The following failed and is no longer in place -------
We are shying away from lists that block and unblock quickly based on what's happening "in the moment" vs the lists that are strong in what they do taking hold of the hard core spammers and spam houses sternly while not spending too much time with the "ooops our user made a mistake" network blocks.
What FutureQuest is leaning toward.... and will likely replace the SCBL with today to see how it goes is the SpamHaus (SBL)
Reference for an easy to read overview of how it works:
http://www.spamhaus.org/sbl/sbl-rationale.html
The Spamhaus Block List ("SBL") is a database of IP addresses of direct spam sources; spammers, spam gangs and spam support services (but not open proxies or open relays), queriable in realtime by mail systems throughout the Internet for the purpose of refusing mail from known spam senders.
E.g. they are not worried about mistakes and are not penalizing the "new sysadmin" who has an open relay.... that guy will learn how to fix his system by the others who do care and as long as he's not spamming spamhaus doesn't worry about it. This isn't to say that FutureQuest wouldn't tack on a solid open-relay blacklist in addition to SBL.... that's still under discussion. Just note that SBL doesn't do it.
Also reference the Spamhaus DNSBL Data Feed Service
http://www.spamhaus.org/datafeed/index.html
"A Data Feed eliminates latency problems for large mail servers and very significantly speeds email filtering up, and enables more in-depth checks to be made on incoming mail (such as also checking IPs of URLs in messages against the SBL, in addition to the connecting IPs).
The Data Feed service has strong advantages [for FutureQuest] over the traditional scheme based on DNS queries over the public DNS infrastructure: 1) it is still based on DNS queries, so there is little difference (if any) in the mail servers configuration; 2) all DNS queries are local, so the turnaround time is short and entirely under your [FutureQuest's not per individual client] control; this means shorter transit times for messages; 3) as far as DNSBL checks are concerned, the mail flow will not be affected by any problem on the network or on the Spamhaus servers; 4) the service comes with a Service Agreement contract." [between Spamhaus and FutureQuest]
It also costs a few thousand dollars a year but I feel it would be more than worth it to:
a) further support them;
b) ensure we are able to use it at its fullest potential w/o adding to the list of "things that could go wrong"; and
c) get this problem on the to-done list as quickly and efficiently as possible :wink:
For "those in the know", if you have a problem with Spamhaus let us know your reasons.....
In the meantime, just be aware that we plan to begin testing this out today.
Deb
- Working through it one message at a time
---------- The following failed and is no longer in place -------
We are shying away from lists that block and unblock quickly based on what's happening "in the moment" vs the lists that are strong in what they do taking hold of the hard core spammers and spam houses sternly while not spending too much time with the "ooops our user made a mistake" network blocks.
What FutureQuest is leaning toward.... and will likely replace the SCBL with today to see how it goes is the SpamHaus (SBL)
Reference for an easy to read overview of how it works:
http://www.spamhaus.org/sbl/sbl-rationale.html
The Spamhaus Block List ("SBL") is a database of IP addresses of direct spam sources; spammers, spam gangs and spam support services (but not open proxies or open relays), queriable in realtime by mail systems throughout the Internet for the purpose of refusing mail from known spam senders.
E.g. they are not worried about mistakes and are not penalizing the "new sysadmin" who has an open relay.... that guy will learn how to fix his system by the others who do care and as long as he's not spamming spamhaus doesn't worry about it. This isn't to say that FutureQuest wouldn't tack on a solid open-relay blacklist in addition to SBL.... that's still under discussion. Just note that SBL doesn't do it.
Also reference the Spamhaus DNSBL Data Feed Service
http://www.spamhaus.org/datafeed/index.html
"A Data Feed eliminates latency problems for large mail servers and very significantly speeds email filtering up, and enables more in-depth checks to be made on incoming mail (such as also checking IPs of URLs in messages against the SBL, in addition to the connecting IPs).
The Data Feed service has strong advantages [for FutureQuest] over the traditional scheme based on DNS queries over the public DNS infrastructure: 1) it is still based on DNS queries, so there is little difference (if any) in the mail servers configuration; 2) all DNS queries are local, so the turnaround time is short and entirely under your [FutureQuest's not per individual client] control; this means shorter transit times for messages; 3) as far as DNSBL checks are concerned, the mail flow will not be affected by any problem on the network or on the Spamhaus servers; 4) the service comes with a Service Agreement contract." [between Spamhaus and FutureQuest]
It also costs a few thousand dollars a year but I feel it would be more than worth it to:
a) further support them;
b) ensure we are able to use it at its fullest potential w/o adding to the list of "things that could go wrong"; and
c) get this problem on the to-done list as quickly and efficiently as possible :wink:
For "those in the know", if you have a problem with Spamhaus let us know your reasons.....
In the meantime, just be aware that we plan to begin testing this out today.
Deb
- Working through it one message at a time