Other DNSBL's

[Warren Togami <wt...@redhat.com>]

I'm looking to add other DNSBL's to tomorrow's weekly mass check.  I 
realize most of them probably are too broken to bother, but it would be 
nice to get some real numbers to confirm it so since the Internet lacks 
any real DNSBL comparisons that include Ham FP safety.

http://antispam.imp.ch/06-dnsbl.html
This one seems to have 3% of the hits compared to PSBL, so I am not 
bothering to test it in masscheck.

http://bl.csma.biz/
It seems that this blacklist is simply dead.  Zero hits on their "SBL" 
list within the last day.

Any other DNSBL's out there that you folks use that are worth comparing?

Warren Togami
wtogami@redhat.com

Re: Other DNSBL's

[Justin Mason <jm...@jmason.org>]

(back from vacation ;)

BTW, could you add

  tflags nopublish

to any rules?  or use a T_ prefix on the rule names.  that will ensure
the testing rules won't get into any published ruleset
accidentally.  this is very important to avoid accidentally causing a
production-level DOS on the BL's servers....


--j.

On Fri, Oct 16, 2009 at 14:41, Warren Togami <wt...@redhat.com> wrote:
> I'm looking to add other DNSBL's to tomorrow's weekly mass check.  I realize
> most of them probably are too broken to bother, but it would be nice to get
> some real numbers to confirm it so since the Internet lacks any real DNSBL
> comparisons that include Ham FP safety.
>
> http://antispam.imp.ch/06-dnsbl.html
> This one seems to have 3% of the hits compared to PSBL, so I am not
> bothering to test it in masscheck.
>
> http://bl.csma.biz/
> It seems that this blacklist is simply dead.  Zero hits on their "SBL" list
> within the last day.
>
> Any other DNSBL's out there that you folks use that are worth comparing?
>
> Warren Togami
> wtogami@redhat.com
>
>



-- 
--j.

Re: Other DNSBL's

["J.D. Falk" <jd...@cybernothing.org>]

Warren Togami wrote:

> I'm looking to add other DNSBL's to tomorrow's weekly mass check.  I 
> realize most of them probably are too broken to bother, but it would be 
> nice to get some real numbers to confirm it so since the Internet lacks 
> any real DNSBL comparisons that include Ham FP safety.

http://www.dnsbl.com/ has some test results which aren't bad, though his ham 
corpus does include some legitimate commercial email (which I know some 
folks on this list would claim could never, ever, ever, ever not be spam.)

-- 
J.D. Falk
Return Path Inc
http://www.returnpath.net/

Re: Other DNSBL's

[Bjoern Sikora <bj...@intra2net.com>]

> I'm looking to add other DNSBL's to tomorrow's weekly mass check.  I
> realize most of them probably are too broken to bother, but it would be
> nice to get some real numbers to confirm it so since the Internet lacks
> any real DNSBL comparisons that include Ham FP safety.

If you are looking for real numbers, this should be helpful for you:

Blacklists Compared - weekly reports of DNS blacklists lookups
http://www.sdsc.edu/~jeff/spam/cbc.html

Blacklist Monitor - accuracy and inaccuracy rates of various blacklists
http://www.intra2net.com/en/support/antispam/

Please pay attention that some blacklists do only list IP addresses for hours.
When running the mass check you need realtime data to get reliable results.

--
Bjoern Sikora

Re: Other DNSBL's

[Matthias Leisi <ma...@leisi.net>]

Henrik K schrieb:

> IMO a centralized rsync datasource for all the mass checked BLs would be
> nice. Wonder if someone had the connections to pull it off? It would save
> resources from all and speed up the checks. Spamhaus etc would only need to
> "donate" the data once a week.

We don't see any particular impact from SA masschecks in the dnswl.org
logs.

FWIW, dnswl.org data is available via rsync for free to all interested
parties in a number of formats.

-- Matthias

Re: Other DNSBL's

[Henrik K <he...@hege.li>]

On Fri, Oct 16, 2009 at 09:41:57AM -0400, Warren Togami wrote:
> I'm looking to add other DNSBL's to tomorrow's weekly mass check.  I  
> realize most of them probably are too broken to bother, but it would be  
> nice to get some real numbers to confirm it so since the Internet lacks  
> any real DNSBL comparisons that include Ham FP safety.
>
> http://antispam.imp.ch/06-dnsbl.html
> This one seems to have 3% of the hits compared to PSBL, so I am not  
> bothering to test it in masscheck.
>
> http://bl.csma.biz/
> It seems that this blacklist is simply dead.  Zero hits on their "SBL"  
> list within the last day.
>
> Any other DNSBL's out there that you folks use that are worth comparing?

Not that it isn't a worthy cause, but you can't just start adding arbitrary
unknown lists to mass checks. Some of them might crumble from the sudden
mass check flood.

IMO a centralized rsync datasource for all the mass checked BLs would be
nice. Wonder if someone had the connections to pull it off? It would save
resources from all and speed up the checks. Spamhaus etc would only need to
"donate" the data once a week.

Re: Other DNSBL's

[Michael Scheidell <sc...@secnap.net>]

R-Elists wrote:
> Warren,
>
> ask michael scheidell... he has a list for you that is 100% effective...
>
>   
seriously, google for 'blocked.secnap.net'

give it a try, any ip address that you ever even got one spam on is listed.
(note, if you use this list on a production system it will block legit 
email)

-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
 > *| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best Anti-Spam Product 2008, Network Products Guide
    * King of Spam Filters, SC Magazine 2008


_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.spammertrap.com
_________________________________________________________________________

Re: Other DNSBL's

[Rob McEwen <ro...@invaluement.com>]

> ask michael scheidell... he has a list for you that is 100% effective...

yeah, like that same joke that grandpa keeps telling over and over.. the
first time it was a little bit funny... but now it is annoying,
particularly the way he is the only one in the room laughing each time.

-- 
Rob McEwen
http://dnsbl.invaluement.com/
rob@invaluement.com
+1 (478) 475-9032

RE: Other DNSBL's

[R-Elists <li...@abbacomm.net>]

 

> 
> Any other DNSBL's out there that you folks use that are worth 
> comparing?
> 
> Warren Togami
> wtogami@redhat.com

Warren,

ask michael scheidell... he has a list for you that is 100% effective...

:-)

 - rh

Re: Other DNSBL's

[Warren Togami <wt...@redhat.com>]

On 10/20/2009 06:16 AM, Justin Mason wrote:
> I think some people's concern was that net rules could find their way into
> the sa-update channel, and be used in production.  (This is currently
> possible if someone installs trunk and uses sa-update.)  If you use
> "tflags nopublish", this risk is avoided, so that may help too.
>
> FWIW, I agree that it's valuable to test these and gather ruleqa stats,
> as long as we ensure they are T_ test rules and don't leak to production.
>

I have always used tflags nopublish for these rules.

Warren

Re: Other DNSBL's

[Justin Mason <jm...@jmason.org>]

On Tue, Oct 20, 2009 at 06:07, Warren Togami <wt...@redhat.com> wrote:
> On 10/19/2009 01:40 PM, Karsten Bräckelmann wrote:
>>
>> Warren, since you don't even intend to include these BLs in stock SA, as
>> you mentioned in a follow-up...
>>
>> Please do not use the mass-check contributors for your or the BL's
>> personal statistics, without even asking the contributors. They are a
>> precious resource.
>>
>> The mass-checks are there to evaluate SA rule's performance. They are
>> not free for personal interest. If you want some stats for yourself,
>> please run it on your systems. Don't expect everyone else to do it for
>> you.
>
> I must qualify that my intent was never to test anything purely from
> personal interest or to use everyone else's systems to test rules that may
> never benefit spamassassin in the future.  I am insulted if this is the
> insinuation.
>
> Various BL's I am testing are assessing future suitability for SA.  But as
> noted earlier I am not rushing this, and I certainly do not have illusions
> that we should add as many blacklists as possible.  Currently all of those
> BL's are incapable of the load capacity to become production rules.  They
> are also exhibiting FP problems, which masschecks are helping to identify
> and fix their methodologies.  It took several weeks of masschecks to
> identify PSBL's trap logic bugs.  Finally even if they manage to become
> safer to FP's and with sufficient capacity to handle spamassasin, we may
> still decide it is a bad idea to go production because they are redundant by
> overlap analysis.
>
> It seems the main cause for concern was notification before net rule
> changes.  I will do so in the future.

I think some people's concern was that net rules could find their way into
the sa-update channel, and be used in production.  (This is currently
possible if someone installs trunk and uses sa-update.)  If you use
"tflags nopublish", this risk is avoided, so that may help too.

FWIW, I agree that it's valuable to test these and gather ruleqa stats,
as long as we ensure they are T_ test rules and don't leak to production.

-- 
--j.

Re: Other DNSBL's

[Karsten Bräckelmann <gu...@rudersport.de>]

On Tue, 2009-10-20 at 01:07 -0400, Warren Togami wrote:
> On 10/19/2009 01:40 PM, Karsten Bräckelmann wrote:
> > Warren, since you don't even intend to include these BLs in stock SA, as
> > you mentioned in a follow-up...
> >
> > Please do not use the mass-check contributors for your or the BL's
> > personal statistics, without even asking the contributors. They are a
> > precious resource.
> >
> > The mass-checks are there to evaluate SA rule's performance. They are
> > not free for personal interest. If you want some stats for yourself,
> > please run it on your systems. Don't expect everyone else to do it for
> > you.
> 
> I must qualify that my intent was never to test anything purely from 
> personal interest or to use everyone else's systems to test rules that 
> may never benefit spamassassin in the future.  I am insulted if this is 
> the insinuation.

Warren, I did not accuse you of abusing the system or malicious intent,
neither meant to imply it. I didn't intend to insult you either.

However, I did find it a bit odd that you are dropping various heavy-
weight rules into the sandbox for everyone else to run, "with no
intention of ever adding them to the standard ruleset" (your words).

As I said before, IMHO the mass-checks are an instrument to measure SA
rule's performance, so the declared intent should be, to add them to SA
in one form or another. If all you want is to get a first impression of
a new BL, you can easily add an informational rule locally first. This
also often is likely to yield more accurate results, due to timing and
corpus age issues anyway.

  guenther


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: Other DNSBL's

[Warren Togami <wt...@redhat.com>]

On 10/19/2009 01:40 PM, Karsten Bräckelmann wrote:
> Warren, since you don't even intend to include these BLs in stock SA, as
> you mentioned in a follow-up...
>
> Please do not use the mass-check contributors for your or the BL's
> personal statistics, without even asking the contributors. They are a
> precious resource.
>
> The mass-checks are there to evaluate SA rule's performance. They are
> not free for personal interest. If you want some stats for yourself,
> please run it on your systems. Don't expect everyone else to do it for
> you.

I must qualify that my intent was never to test anything purely from 
personal interest or to use everyone else's systems to test rules that 
may never benefit spamassassin in the future.  I am insulted if this is 
the insinuation.

Various BL's I am testing are assessing future suitability for SA.  But 
as noted earlier I am not rushing this, and I certainly do not have 
illusions that we should add as many blacklists as possible.  Currently 
all of those BL's are incapable of the load capacity to become 
production rules.  They are also exhibiting FP problems, which 
masschecks are helping to identify and fix their methodologies.  It took 
several weeks of masschecks to identify PSBL's trap logic bugs.  Finally 
even if they manage to become safer to FP's and with sufficient capacity 
to handle spamassasin, we may still decide it is a bad idea to go 
production because they are redundant by overlap analysis.

It seems the main cause for concern was notification before net rule 
changes.  I will do so in the future.

Warren

Re: Other DNSBL's

[Warren Togami <wt...@redhat.com>]

On 10/19/2009 01:40 PM, Karsten Bräckelmann wrote:
> Please do not use the mass-check contributors for your or the BL's
> personal statistics, without even asking the contributors. They are a
> precious resource.
>
> The mass-checks are there to evaluate SA rule's performance. They are
> not free for personal interest. If you want some stats for yourself,
> please run it on your systems. Don't expect everyone else to do it for
> you.
>
>    guenther

OK fine.  This requirement was not made clear in the written guidelines 
for the sandbox.  If I have a new blacklist for testing I will propose 
it on the list in the future before doing it.

Warren

Re: Other DNSBL's

[Karsten Bräckelmann <gu...@rudersport.de>]

On Mon, 2009-10-19 at 18:23 +0200, Yet Another Ninja wrote:
> unless I've misunderstood Henrik, what he wants to mildly point out that 
> the SA masscheck might not be the ideal place to test the rbl_du_jour.

+1

> iirc, the "normal" process has been:
> 
> - run local BL on mirror
> - run private masschecks
> - check for other user's rating/results on as many public sites as possible
> - discuss on BL's own lists/forums

ACK. New BLs for inclusion usually have either been run locally and
found to be useful (just like most contributed rules), or officially
asked to be included (bugzilla).


Warren, since you don't even intend to include these BLs in stock SA, as
you mentioned in a follow-up...

Please do not use the mass-check contributors for your or the BL's
personal statistics, without even asking the contributors. They are a
precious resource.

The mass-checks are there to evaluate SA rule's performance. They are
not free for personal interest. If you want some stats for yourself,
please run it on your systems. Don't expect everyone else to do it for
you.

  guenther


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}

Re: Other DNSBL's

[Warren Togami <wt...@redhat.com>]

On 10/19/2009 12:23 PM, Yet Another Ninja wrote:
>
> - SA devs will make sure BL already has a good rating before including
> every home grown BL pollute its scores.
>
> - SA devs will make sure BL is prepared to put up with maccheck load AND
> inclusion in SA adding a HUGE burden on BL.

I think there is a disconnect here.  I'm testing various rules with no 
intention of ever adding them to the standard ruleset.  There is no risk 
of polluting scores here.

For example the Anubis reputation blacklists in my sandbox requested 
privately to be tested weekly.  They do not wish to become default in SA.

Warren

Re: Other DNSBL's

[Yet Another Ninja <sa...@alexb.ch>]

On 10/19/2009 6:14 PM, Henrik Krohns wrote:
  >> But I don't understand how this is helpful or how this is an issue.
> 
> Pointless to continue this then.

Warren,

unless I've misunderstood Henrik, what he wants to mildly point out that 
the SA masscheck might not be the ideal place to test the rbl_du_jour.

iirc, the "normal" process has been:

- run local BL on mirror

- run private masschecks

- check for other user's rating/results on as many public sites as possible

- discuss on BL's own lists/forums

- suggest BL op it may be good for his/her exposure to be included in SA

- let BL OP request masscheck

- SA devs will make sure BL already has a good rating before including 
every home grown BL pollute its scores.

- SA devs will make sure BL is prepared to put up with maccheck load AND 
inclusion in SA adding a HUGE burden on BL.

- discuss on SA users/dev

- wait...

If the processes have changed, pls hit me with cluebat...

Axb

Re: Other DNSBL's

[Henrik Krohns <he...@hege.li>]

On Mon, Oct 19, 2009 at 12:01:19PM -0400, Warren Togami wrote:
> On 10/19/2009 11:33 AM, Henrik Krohns wrote:
>>
>> "I intended to test it in only a single Saturday masscheck."
>>
>> How is that an excuse? It's still an active rule that other people will be
>> running, not just me. Perhaps you want to test different lists every
>> saturday, which very well may be the case looking at your current
>> activities.
>>
>> If you do not know what rsync+rbldnsd can do, here is a hint: It enables
>> foolproof lookups for the list, not generating network traffic or failing
>> from network congestion.
>>
>> I just asked that new net rules would be mentioned so everyone knows. I'm
>> surprised I have explain this more, when the reason was clearly in my original
>> post.
>>
>
> I don't have control over the other nightly masscheck hosts for them to  
> use their own rsync+rbldnsd.

So? They use it if they want. I like to use it.

> Sure, I can warn the list about new net rules.

Thank you. I would imagine it's good practise to announce new BL tests _in
any case_.

> But I don't understand how this is helpful or how this is an issue.

Pointless to continue this then.

Re: Other DNSBL's

[Warren Togami <wt...@redhat.com>]

On 10/19/2009 11:33 AM, Henrik Krohns wrote:
>
> "I intended to test it in only a single Saturday masscheck."
>
> How is that an excuse? It's still an active rule that other people will be
> running, not just me. Perhaps you want to test different lists every
> saturday, which very well may be the case looking at your current
> activities.
>
> If you do not know what rsync+rbldnsd can do, here is a hint: It enables
> foolproof lookups for the list, not generating network traffic or failing
> from network congestion.
>
> I just asked that new net rules would be mentioned so everyone knows. I'm
> surprised I have explain this more, when the reason was clearly in my original
> post.
>

I don't have control over the other nightly masscheck hosts for them to 
use their own rsync+rbldnsd.

Sure, I can warn the list about new net rules.  But I don't understand 
how this is helpful or how this is an issue.

Warren

Re: Other DNSBL's

[Henrik Krohns <he...@hege.li>]

On Mon, Oct 19, 2009 at 10:34:17AM -0400, Warren Togami wrote:
> On 10/19/2009 10:26 AM, Henrik Krohns wrote:
>>>>
>>>> Posting to dev..
>>>>
>>>> Could you (and others) please announce if you are going to add any new net
>>>> rules?
>>>>
>>>> Especially since that list seems to have a public rsync feed, I would
>>>> _really_ like to use it and not add unnecessary traffic to my lousy cable or
>>>> the list.
>>>>
>>>
>>> I intended to test it in only a single Saturday masscheck.  Furthermore
>>> it is set to tflags nopublish so it will not be auto-promoted.  It seems
>>> that you aren't doing nightly masschecks.
>>>
>>> Where is the problem here?
>>
>> I'll try to be polite after a long work day. The problem is your
>> understanding. And yes, I haven't done masschecks in a moment, but I will.
>> It has nothing to do with the matter.
>>
>
> It is unhelpful to say, "The problem is your understanding." without  
> explaining the issue.  I am trying to be helpful and to understand your  
> concern, but so far you are making no sense.

"I intended to test it in only a single Saturday masscheck."

How is that an excuse? It's still an active rule that other people will be
running, not just me. Perhaps you want to test different lists every
saturday, which very well may be the case looking at your current
activities.

If you do not know what rsync+rbldnsd can do, here is a hint: It enables
foolproof lookups for the list, not generating network traffic or failing
from network congestion.

I just asked that new net rules would be mentioned so everyone knows. I'm
surprised I have explain this more, when the reason was clearly in my original
post.

Re: Other DNSBL's

[Warren Togami <wt...@redhat.com>]

On 10/19/2009 10:26 AM, Henrik Krohns wrote:
>>>
>>> Posting to dev..
>>>
>>> Could you (and others) please announce if you are going to add any new net
>>> rules?
>>>
>>> Especially since that list seems to have a public rsync feed, I would
>>> _really_ like to use it and not add unnecessary traffic to my lousy cable or
>>> the list.
>>>
>>
>> I intended to test it in only a single Saturday masscheck.  Furthermore
>> it is set to tflags nopublish so it will not be auto-promoted.  It seems
>> that you aren't doing nightly masschecks.
>>
>> Where is the problem here?
>
> I'll try to be polite after a long work day. The problem is your
> understanding. And yes, I haven't done masschecks in a moment, but I will.
> It has nothing to do with the matter.
>

It is unhelpful to say, "The problem is your understanding." without 
explaining the issue.  I am trying to be helpful and to understand your 
concern, but so far you are making no sense.

Warren

Re: Other DNSBL's

[Henrik Krohns <he...@hege.li>]

On Mon, Oct 19, 2009 at 09:48:46AM -0400, Warren Togami wrote:
> On 10/19/2009 02:31 AM, Henrik K wrote:
>> On Mon, Oct 19, 2009 at 01:57:38AM -0400, Warren Togami wrote:
>>> Replying to a private post in public because the results are important.
>>>
>>> On 10/16/2009 10:22 AM, Anonymous wrote:
>>>> http://www.lashback.com/support/UnsubscribeBlacklistSupport.aspx
>>>>
>>>> It seems to hit a lot, but I don't have a good feel for how reliable it
>>>> is.
>>>
>>> http://ruleqa.spamassassin.org/20091017-r826198-n/T_RCVD_IN_UBL/detail
>>> Tested the Lashback UBL in the Saturday masscheck.  7.9% of spam and
>>> 2.3% ham!  This blacklist in its current form is dangerous and should
>>> not be used.
>>
>> Posting to dev..
>>
>> Could you (and others) please announce if you are going to add any new net
>> rules?
>>
>> Especially since that list seems to have a public rsync feed, I would
>> _really_ like to use it and not add unnecessary traffic to my lousy cable or
>> the list.
>>
>
> I intended to test it in only a single Saturday masscheck.  Furthermore  
> it is set to tflags nopublish so it will not be auto-promoted.  It seems  
> that you aren't doing nightly masschecks.
>
> Where is the problem here?

I'll try to be polite after a long work day. The problem is your
understanding. And yes, I haven't done masschecks in a moment, but I will.
It has nothing to do with the matter.

Re: Other DNSBL's

[Warren Togami <wt...@redhat.com>]

On 10/19/2009 02:31 AM, Henrik K wrote:
> On Mon, Oct 19, 2009 at 01:57:38AM -0400, Warren Togami wrote:
>> Replying to a private post in public because the results are important.
>>
>> On 10/16/2009 10:22 AM, Anonymous wrote:
>>> http://www.lashback.com/support/UnsubscribeBlacklistSupport.aspx
>>>
>>> It seems to hit a lot, but I don't have a good feel for how reliable it
>>> is.
>>
>> http://ruleqa.spamassassin.org/20091017-r826198-n/T_RCVD_IN_UBL/detail
>> Tested the Lashback UBL in the Saturday masscheck.  7.9% of spam and
>> 2.3% ham!  This blacklist in its current form is dangerous and should
>> not be used.
>
> Posting to dev..
>
> Could you (and others) please announce if you are going to add any new net
> rules?
>
> Especially since that list seems to have a public rsync feed, I would
> _really_ like to use it and not add unnecessary traffic to my lousy cable or
> the list.
>

I intended to test it in only a single Saturday masscheck.  Furthermore 
it is set to tflags nopublish so it will not be auto-promoted.  It seems 
that you aren't doing nightly masschecks.

Where is the problem here?

Warren Togami
wtogami@redhat.com

Re: Other DNSBL's

[Henrik K <he...@hege.li>]

On Mon, Oct 19, 2009 at 01:57:38AM -0400, Warren Togami wrote:
> Replying to a private post in public because the results are important.
>
> On 10/16/2009 10:22 AM, Anonymous wrote:
>> http://www.lashback.com/support/UnsubscribeBlacklistSupport.aspx
>>
>> It seems to hit a lot, but I don't have a good feel for how reliable it
>> is.
>
> http://ruleqa.spamassassin.org/20091017-r826198-n/T_RCVD_IN_UBL/detail
> Tested the Lashback UBL in the Saturday masscheck.  7.9% of spam and  
> 2.3% ham!  This blacklist in its current form is dangerous and should  
> not be used.

Posting to dev..

Could you (and others) please announce if you are going to add any new net
rules?

Especially since that list seems to have a public rsync feed, I would
_really_ like to use it and not add unnecessary traffic to my lousy cable or
the list.

Re: Other DNSBL's

[Warren Togami <wt...@redhat.com>]

Replying to a private post in public because the results are important.

On 10/16/2009 10:22 AM, Anonymous wrote:
> http://www.lashback.com/support/UnsubscribeBlacklistSupport.aspx
>
> It seems to hit a lot, but I don't have a good feel for how reliable it
> is.

http://ruleqa.spamassassin.org/20091017-r826198-n/T_RCVD_IN_UBL/detail
Tested the Lashback UBL in the Saturday masscheck.  7.9% of spam and 
2.3% ham!  This blacklist in its current form is dangerous and should 
not be used.

Warren Togami
wtogami@redhat.com