Posted to users@spamassassin.apache.org by Sergio <se...@gmail.com> on 2011/11/28 19:00:50 UTC
What is the best RBL list?
Hi,
in your opinion, what would be the best RBL Anti Spam list that could not
be left in a server, paid or free?
My server is a small server with a few accounts, but it seems that my RBLs
are not the best ones and I would like to have your input on which ones I
will need to rely on.
Best Regards,
Sergio
Re: What is the best RBL list?
Posted by Dave Warren <li...@hireahit.com>.
On 11/29/2011 10:48 AM, Kevin A. McGrail wrote:
>
> You are likely correct you were told that. However, speaking on
> behalf of the project, the mess of differing licenses and limits for
> RBLs and related projects has been very difficult to define a one-size
> fits all answer to the question of testing.
>
> What we want to avoid is becoming an advertisement for a company or
> leading administrators to use a product that isn't free.
>
> So please open a bug about the testing and we can discuss it there.
> RBLs for mass-check testing have to be approved and added in a way
> that ensures they aren't published. I can't say we will approve it
> for testing, etc. but as mentioned, we don't mind the documentation
> and it creates a good record in case you decide to change your
> licensing (or whatever) might be a hangup.
>
> After that, whether the rules are included by default and/or enabled
> by default is another debate that has to do with licensing, etc.
Speaking as an administrator (and an Invalument user, for whatever
that's worth) I'd love to see paid products included, at least to some
extent.
While I fully understand and agree with the desire to avoid becoming
part of a commercial product's advertising, for those of us that do
already use a particular product, it would be great to have more
information when it comes to setting scores.
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
Re: What is the best RBL list?
Posted by "Kevin A. McGrail" <KM...@PCCC.com>.
On 11/29/2011 1:34 PM, Rob McEwen wrote:
> On 11/28/2011 1:55 PM, darxus@chaosreigns.com wrote:
>> If there are better blocklists that are not used by spamassassin, please
>> open a bug to have it evaluated. Even if the data is not freely available,
>> it would be useful to list on the spamassassin wiki.
> Darxus,
>
> I'd love to have the invaluement blacklists included in such
> evaluations. However, we are about to implement our largest
> hardware/software upgrades ever. So it would be ideal to start such
> inclusion in January, after the upgrades are completed and associated
> bugs are fixed. (we're moving to 64-bit hardware and, where possible,
> 64-bit software!)
>
> I had thought that, at some point in the past, I was told that only
> freely available DNSBLs would be included in such testing? But if I'm
> wrong or that has since changed, I'd welcome the opportunity to participate.
>
You are likely correct you were told that. However, speaking on behalf
of the project, the mess of differing licenses and limits for RBLs and
related projects has been very difficult to define a one-size fits all
answer to the question of testing.
What we want to avoid is becoming an advertisement for a company or leading
administrators to use a product that isn't free.
So please open a bug about the testing and we can discuss it there.
RBLs for mass-check testing have to be approved and added in a way that
ensures they aren't published. I can't say we will approve it for
testing, etc. but as mentioned, we don't mind the documentation and it
creates a good record in case you decide to change your licensing (or
whatever) might be a hangup.
After that, whether the rules are included by default and/or enabled by
default is another debate that has to do with licensing, etc.
Hope this helps clarify things.
Regards,
KAM
Re: What is the best RBL list?
Posted by Rob McEwen <ro...@invaluement.com>.
On 11/28/2011 1:55 PM, darxus@chaosreigns.com wrote:
> If there are better blocklists that are not used by spamassassin, please
> open a bug to have it evaluated. Even if the data is not freely available,
> it would be useful to list on the spamassassin wiki.
Darxus,
I'd love to have the invaluement blacklists included in such
evaluations. However, we are about to implement our largest
hardware/software upgrades ever. So it would be ideal to start such
inclusion in January, after the upgrades are completed and associated
bugs are fixed. (we're moving to 64-bit hardware and, where possible,
64-bit software!)
I had thought that, at some point in the past, I was told that only
freely available DNSBLs would be included in such testing? But if I'm
wrong or that has since changed, I'd welcome the opportunity to participate.
--
Rob McEwen
http://dnsbl.invaluement.com/
rob@invaluement.com
Re: What is the best RBL list?
Posted by Chris Owen <ow...@hubris.net>.
On Nov 28, 2011, at 1:17 PM, Daniel McDonald wrote:
> The best RBLs for getting rid of snow-shoe spammers are from Invaluement,
> but it is available by subscription only. I don't know if Rob McEwen
> <ro...@invaluement.com> has any interest in running it through GA...
But the subscription rates are very reasonable compared with most.
Chris
--
-------------------------------------------------------------------------
Chris Owen - Garden City (620) 275-1900 - Lottery (noun):
President - Wichita (316) 858-3000 - A stupidity tax
Hubris Communications Inc www.hubris.net
-------------------------------------------------------------------------
Re: What is the best RBL list?
Posted by Dave Warren <li...@hireahit.com>.
On 11/29/2011 10:27 AM, Rob McEwen wrote:
> Instead, imo, the RBLs that you *do* need are the ones with (1)
> extremely few FPs and (2) which block spams that your other currently
> implemented RBLs are missing (particularly compared to those other
> RBLs w/extremely low FPs since RBLs with moderate-to-high FPs are either
> worthless, or can't be depended upon except for very low scoring...
> and that makes their unique "hits" not nearly as valuable as such hits
> are on a dependable low FP list).
I'm not really against a couple DNSBLs with high overlap either, these
combine nicely in a scoring configuration.
I don't allow any single DNSBL to cause a block on its own, but when
two or three separately managed lists trip on the same IP, I take notice.
--
Dave Warren, CEO
Hire A Hit Consulting Services
http://ca.linkedin.com/in/davejwarren
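
The policy described in the message above (no single DNSBL blocks on its own, agreement between separately managed lists does), sketched as an added example that is not part of the original thread. Zone names, weights, the threshold and the sample DNS answers are constructed, and `resolve` is a hypothetical lookup function so the block runs offline.

```python
import ipaddress

# Constructed policy: placeholder zones, weights chosen for illustration.
WEIGHTS = {
    "list-a.dnsbl.example": 2.0,
    "list-b.dnsbl.example": 2.0,
    "list-c.dnsbl.example": 1.5,
}
BLOCK_THRESHOLD = 3.5
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_qname(ip, zone):
    """Reversed IPv4 octets (or reversed IPv6 nibbles) prepended to the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone


def is_listed(answers):
    """Only A records inside 127.0.0.0/8 count as a listing. An empty answer
    (NXDOMAIN) or an address outside that range, as a wildcarded or hijacked
    zone would return, is not treated as a hit."""
    return any(ipaddress.ip_address(a) in LISTED_NET for a in answers)


def evaluate(ip, resolve, weights=WEIGHTS, threshold=BLOCK_THRESHOLD):
    """Query every zone through resolve(qname) -> list of A records and sum."""
    if max(weights.values()) >= threshold:
        raise ValueError("a single list could block on its own")
    hits = [z for z in weights if is_listed(resolve(dnsbl_qname(ip, z)))]
    score = sum(weights[z] for z in hits)
    return {"hits": hits, "score": score, "block": score >= threshold}


# Constructed DNS answers for documentation addresses (203.0.113.0/24).
SAMPLE_DNS = {
    "10.113.0.203.list-a.dnsbl.example": ["127.0.0.2"],
    "10.113.0.203.list-b.dnsbl.example": ["127.0.0.4"],
    "20.113.0.203.list-a.dnsbl.example": ["127.0.0.2"],
    "30.113.0.203.list-c.dnsbl.example": ["198.51.100.7"],  # outside 127/8
}


def sample_resolve(qname):
    return SAMPLE_DNS.get(qname, [])
```

With these constructed answers, 203.0.113.10 is blocked because two lists agree, while 203.0.113.20 (one listing) and 203.0.113.30 (an answer outside 127.0.0.0/8) are not.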
Re: What is the best RBL list?
Posted by Rob McEwen <ro...@invaluement.com>.
On 11/28/2011 2:25 PM, Robert Schetterer wrote:
> On 28.11.2011 20:17, Daniel McDonald wrote:
>> On 11/28/11 12:55 PM, "darxus@chaosreigns.com" <da...@chaosreigns.com>
>> wrote:
>>> If there are better blocklists that are not used by spamassassin, please
>>> open a bug to have it evaluated. Even if the data is not freely available,
>>> it would be useful to list on the spamassassin wiki.
>> The best RBLs for getting rid of snow-shoe spammers are from Invaluement,
>> but it is available by subscription only.
> the best rbl is the one you don't need, a case which is very rare these
> days *g
I guess I must be dumb because Robert Schetterer's last sentence above
makes absolutely no sense to me.
Instead, imo, the RBLs that you *do* need are the ones with (1) extremely
few FPs and (2) which block spams that your other currently implemented
RBLs are missing (particularly compared to those other RBLs w/extremely
low FPs since RBLs with moderate-to-high FPs are either worthless, or
can't be depended upon except for very low scoring... and that makes
their unique "hits" not nearly as valuable as such hits are on a
dependable low FP list).
--
Rob McEwen
http://dnsbl.invaluement.com/
rob@invaluement.com
+1 (478) 475-9032
Re: What is the best RBL list?
Posted by Robert Schetterer <ro...@schetterer.org>.
On 28.11.2011 20:17, Daniel McDonald wrote:
>
>
>
> On 11/28/11 12:55 PM, "darxus@chaosreigns.com" <da...@chaosreigns.com>
> wrote:
>
>> On 11/28, Sergio wrote:
>>> in your opinion, what would be the best RBL Anti Spam list that could
>>> not be left in a server, paid or free?
>>
>> All the best known RBLs are enabled in spamassassin by default.
>
>>
>> If there are better blocklists that are not used by spamassassin, please
>> open a bug to have it evaluated. Even if the data is not freely available,
>> it would be useful to list on the spamassassin wiki.
>
> The best RBLs for getting rid of snow-shoe spammers are from Invaluement,
> but it is available by subscription only. I don't know if Rob McEwen
> <ro...@invaluement.com> has any interest in running it through GA...
>
>
the best rbl is the one you don't need, a case which is very rare these
days *g
i like spamhaus...
--
Best Regards
MfG Robert Schetterer
Germany/Munich/Bavaria
Re: What is the best RBL list?
Posted by Daniel McDonald <da...@austinenergy.com>.
On 11/28/11 12:55 PM, "darxus@chaosreigns.com" <da...@chaosreigns.com>
wrote:
> On 11/28, Sergio wrote:
>> in your opinion, what would be the best RBL Anti Spam list that could
>> not be left in a server, paid or free?
>
> All the best known RBLs are enabled in spamassassin by default.
>
> If there are better blocklists that are not used by spamassassin, please
> open a bug to have it evaluated. Even if the data is not freely available,
> it would be useful to list on the spamassassin wiki.
The best RBLs for getting rid of snow-shoe spammers are from Invaluement,
but it is available by subscription only. I don't know if Rob McEwen
<ro...@invaluement.com> has any interest in running it through GA...
--
Daniel J McDonald, CCIE # 2495, CISSP # 78281
Re: What is the best RBL list?
Posted by da...@chaosreigns.com.
On 11/28, Sergio wrote:
> in your opinion, what would be the best RBL Anti Spam list that could
> not be left in a server, paid or free?
All the best known RBLs are enabled in spamassassin by default.
You may get more useful suggestions if you provide several example spam
emails using something like http://pastebin.com/
I've been working on some tips to improve spamassassin's accuracy here:
http://wiki.apache.org/spamassassin/IncreaseAccuracy
The best RBL, according to spamassassin's RuleQA, is SpamHaus XBL
http://www.spamhaus.org/xbl/ which is part of ZEN
http://www.spamhaus.org/zen/ and enabled in spamassassin by default (the
rule is RCVD_IN_XBL).
Most of the time when data is publicly available from an RBL, the
spamassassin developers will test it via mass-check and RuleQA. If it's
useful, it gets added to the default ruleset published via sa-update.
If there are better blocklists that are not used by spamassassin, please
open a bug to have it evaluated. Even if the data is not freely available,
it would be useful to list on the spamassassin wiki.
All rules, including those for blacklists (which generally start with
RCVD_IN_) are sorted from best to worst here:
http://ruleqa.spamassassin.org/#freqs_DETAILS_new
Warren Togami (a spamassassin developer)
occasionally provides excellent reviews of RBLs here:
http://www.spamtips.org/2011/05/dnsbl-safety-report-5142011.html
Actually, that reminds me, there is one RBL that hasn't been added to the
default rule set yet because it hasn't been decided how to score it:
RCVD_IN_MSPIKE_BL. Warren links to instructions to use it, although I
think the suggested scores may be high. The bug to add it to SA:
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6400
--
"...this thing we call 'failure' is not the falling down,
but the staying down." - Mary Pickford
http://www.ChaosReigns.com