Posted to users@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2006/07/22 19:03:47 UTC

New DNS Black list, White List, Yellow List

Looking for people to try this out and for people who want to 
participate in this new project. These lists do block spam, but more 
importantly they are used to actively detect nonspam and reduce false 
positives. Here's the details. I'm looking for some partners to help 
feed data into the system as well as people to use it and let me know how 
well it works.

http://wiki.ctyme.com/index.php/Spam_DNS_Lists

Re: New DNS Black list, White List, Yellow List

Posted by Marc Perkel <ma...@perkel.com>.

John Andersen wrote:
> On Saturday 22 July 2006 09:03, Marc Perkel wrote:
>   
>> Looking for people to try this out and for people who want to
>> participate in this new project. These lists do block spam, but more
>> importantly they are used to actively detect nonspam and reduce false
>> positives. Here's the details. I'm looking for some partners to help
>> feed data into the system as well as people to use it and let me know how
>> well it works.
>>
>> http://wiki.ctyme.com/index.php/Spam_DNS_Lists
>>     
>
>
> Quoting:
>
>  Unfortunately EFF can't get beyond listening to themselves echo their own 
> opinion to understand that the concepts behind AOL/Goodmail are at least 
> partially sound. The idea is to get the good email through.
>
> --endquote.
>
>
> Talk about echoing one's own opinion....
>
> If your system is as well thought out as your championing of AOL
> it's unlikely to be worth my time.
>
>   

I'm not defending AOL. I'm trying to eliminate the need for paid mail. 
And - I used to be EFF's sysadmin and I still support them and they are 
usually right on a lot of things but when it comes to spam - they are 
clueless.


Re: New DNS Black list, White List, Yellow List

Posted by Graham Murray <gr...@gmurray.org.uk>.
Ramprasad <ra...@netcore.co.in> writes:

>  A lot of banks/legitimate bulk email senders  change their relay
> server. Many reasons for that. The most common is that they use a third
> party to relay their mails and these would keep changing

Especially for banks and other high risk phishing targets, it would be
much better if they did not do this. If all banks etc sent mail from a
server with an IP address whose rDNS is xxx.bank.com and where
xxx.bank.com resolves to the IP address from which the mail is sent,
then it would be considerably easier to detect phishing and greatly
improve the security for their customers.
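
The check described in the message above (the sending IP's rDNS name must resolve back to the same IP and sit under the bank's domain), as an added example that is not part of the original thread. The lookups run over constructed sample records; the names, addresses and function names are assumptions.

```python
import ipaddress

# Constructed sample records standing in for real DNS (names and IPs are made up).
PTR = {
    "192.0.2.10": ["mail1.bank.example."],
    "198.51.100.7": ["mail1.bank.example."],       # PTR claims the bank, forward disagrees
    "203.0.113.5": ["relay.bulkmailer.example."],  # third-party relay sending for the bank
    "203.0.113.9": ["mx.notbank.example."],        # look-alike suffix
}
A = {
    "mail1.bank.example": ["192.0.2.10"],
    "relay.bulkmailer.example": ["203.0.113.5"],
    "mx.notbank.example": ["203.0.113.9"],
}

def lookup_ptr(ip):
    return PTR.get(ip, [])

def lookup_a(name):
    return A.get(name, [])

def fcrdns_names(ip, ptr=lookup_ptr, fwd=lookup_a):
    """Return the PTR names of `ip` whose forward lookup includes `ip`."""
    want = ipaddress.ip_address(ip)
    confirmed = []
    for name in ptr(ip):
        host = name.rstrip(".").lower()
        if any(ipaddress.ip_address(a) == want for a in fwd(host)):
            confirmed.append(host)
    return confirmed

def sent_from_domain(ip, domain, ptr=lookup_ptr, fwd=lookup_a):
    """True only if a forward-confirmed name of `ip` is `domain` or a subdomain."""
    domain = domain.rstrip(".").lower()
    return any(h == domain or h.endswith("." + domain)
               for h in fcrdns_names(ip, ptr, fwd))

if __name__ == "__main__":
    for ip in PTR:
        print(ip, fcrdns_names(ip), sent_from_domain(ip, "bank.example"))
```

The relay at 203.0.113.5 passes forward confirmation but fails the domain test, which is the third-party relay case raised in the quoted text.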

Re: New DNS Black list, White List, Yellow List

Posted by Ramprasad <ra...@netcore.co.in>.
> 
> An ISP would never be whitelisted anyhow. Whitelisting is for things
> like banks and other institutions and organizations that produce no
> spam. Yellowlisting is for ISPs so that they don't accidentally get
> blacklisted. SPF is useless because few are using it due to the fact
> that it just doesn't work.

I too agree with your idea that we should start looking for ham in mails
rather than looking for spam. This approach would help us tackle spam
much more aggressively.

But IMHO SPF works great and is much cleaner.

 A lot of banks/legitimate bulk email senders  change their relay
server. Many reasons for that. The most common is that they use a third
party to relay their mails and these would keep changing

You would have to delist your whitelisted ip  before some spammer gets
those. And since the whitelist is exposed there is a greater potential
for abuse here.



Thanks
Ram



Re: New DNS Black list, White List, Yellow List

Posted by John Andersen <js...@pen.homeip.net>.
On Sunday 23 July 2006 16:53, Marc Perkel wrote:
> . SPF is useless because few are using it due to the fact
> that it just doesn't work.

And how would your project fare under those evaluation rules?


Actually I find SPF starting to be used by some of my
banks. 

-- 
_____________________________________
John Andersen

Re: New DNS Black list, White List, Yellow List

Posted by Marc Perkel <ma...@perkel.com>.

John Andersen wrote:
> On Sunday 23 July 2006 07:25, Brent Kennedy wrote:
>   
>> But based on its current setup, spammers who probably
>> read this list, will most likely just feed good feedback about their mail
>> servers through those servers and corrupt the data.
>>     
>
> And spammers already sign up with every isp they can find and
> forward a few clean messages thru each one, then dump a huge 
> load of spam till they get caught, and simply walk away from the
> account (usually with an unpaid bill).  Ask any ISP abuse
> admin.  
>
> That will serve to poison the whitelist, leaving it with nothing
> but a few corporate mailers, as every general purpose ISP will
> fall into the yellow list in short order.
>
> Similarly, the blacklist will be fairly useless, because the companies
> that specialize in spam-safe hosting can get a new IP in a heartbeat,
> and can rent IPs all over the world.  When they move on, (and they
> move rather quickly) you are left with a list of IPs that "at one time"
> may have been used by a spammer.
>
> Finally, the blacklist does not solve any problem not already handled by 
> SURBL, and the other black hole lists.  
>
> The white list is fairly well handled by SPF.  
>
> The Yellowlist is what you need SA for  now, and this is unlikely to reduce
> that need in any significant way.
>
> To the extent there is any merit in it, it should be merged with SURBL. 
>
>   


An ISP would never be whitelisted anyhow. Whitelisting is for things 
like banks and other institutions and organizations that produce no 
spam. Yellowlisting is for ISPs so that they don't accidentally get 
blacklisted. SPF is useless because few are using it due to the fact 
that it just doesn't work.

Re: New DNS Black list, White List, Yellow List

Posted by John Andersen <js...@pen.homeip.net>.
On Sunday 23 July 2006 07:25, Brent Kennedy wrote:
> But based on its current setup, spammers who probably
> read this list, will most likely just feed good feedback about their mail
> servers through those servers and corrupt the data.

And spammers already sign up with every isp they can find and
forward a few clean messages thru each one, then dump a huge 
load of spam till they get caught, and simply walk away from the
account (usually with an unpaid bill).  Ask any ISP abuse
admin.  

That will serve to poison the whitelist, leaving it with nothing
but a few corporate mailers, as every general purpose ISP will
fall into the yellow list in short order.

Similarly, the blacklist will be fairly useless, because the companies
that specialize in spam-safe hosting can get a new IP in a heartbeat,
and can rent IPs all over the world.  When they move on, (and they
move rather quickly) you are left with a list of IPs that "at one time"
may have been used by a spammer.

Finally, the blacklist does not solve any problem not already handled by 
SURBL, and the other black hole lists.  

The white list is fairly well handled by SPF.  

The Yellowlist is what you need SA for  now, and this is unlikely to reduce
that need in any significant way.

To the extent there is any merit in it, it should be merged with SURBL. 


-- 
_____________________________________
John Andersen

Re: New DNS Black list, White List, Yellow List

Posted by "Michele Neylon:: Blacknight.ie" <mi...@blacknight.ie>.
It *could* be an interesting project, but how long does an IP remain
blacklisted?

The other problem is that although you may think the whitelist is where
the accuracy is going to be there will be plenty of clueless sysadmins
who will blindly block based on the blacklist regardless of how accurate
it may or may not be

-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59  9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59  9164239

Re: New DNS Black list, White List, Yellow List

Posted by Marc Perkel <ma...@perkel.com>.

Brent Kennedy wrote:
>  I like the idea.. But based on its current setup, spammers who probably
> read this list, will most likely just feed good feedback about their mail
> servers through those servers and corrupt the data.  You would need to have
> some sort of login and a way to track what was put in the database so if you
> determined that one of the users was corrupting the data, you could reverse
> what they did.
>
> Plus I don't see any method in there for people who have been blacklisted by
> mistake (I know it's rare) to get themselves off.
>
> I also think there should be some way to validate a user that's hard to
> cheat but not as hard on the host to verify.
>
> Maybe instead of a login, you could give them a hash that they put in their
> submission script that is then input into the mysql db.  Just quickly
> validate the hash and drop that in the row next to the entry.
>
>
> -Brent
>
>
>   

Anyone can use the lists but I'm only going to allow selected people to 
feed data into the database and those people will not include spammers. 
As to getting off the list, I'm working on that. For now they can email me.

The biggest benefit of this system isn't the black list. It's the white 
list and yellow list. The white list is what I think is going to be more 
accurate than the black list. Once a site is whitelisted then you don't 
have to run it through SA. That saves false positives and processor 
time. Right now about 1/3 of my incoming good email is whitelisted. With 
more data it could be 80% or more.

And - the yellow listing reduces false positives in all black lists. 
Once you see it's yellow listed you skip all blacklist tests. You still 
have to check it for spam, but it reduces FP on sites who are wrongly 
blacklisted.

I'm trying to promote a new mindset - not just looking for spam - but 
also looking for ham. You look for ham, you look for spam - and you run 
what's left through SA.
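
The lookup order described in the message above, as an added example that is not part of the original thread or of the project's code. The zone names, the reversed-octet query format with a 127.0.0.0/8 answer, and the white-before-yellow-before-black precedence are assumptions; the records are constructed.

```python
import ipaddress

# Hypothetical zone names; the thread does not give the real ones.
WHITE, YELLOW, BLACK = "white.example", "yellow.example", "black.example"

def qname(ip, zone):
    """DNS list query name for an IPv4 address: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def listed(ip, zone, resolve):
    """Listed when the lookup returns a 127.0.0.0/8 answer; [] means NXDOMAIN."""
    return any(a.startswith("127.") for a in resolve(qname(ip, zone)))

def classify(ip, resolve, blacklists=(BLACK,)):
    """Return (action, run_sa). White beats yellow beats black (assumed order)."""
    if listed(ip, WHITE, resolve):
        return ("accept", False)          # known ham: skip SA entirely
    if listed(ip, YELLOW, resolve):
        return ("scan", True)             # skip every blacklist test, still run SA
    if any(listed(ip, z, resolve) for z in blacklists):
        return ("reject", False)
    return ("scan", True)                 # unknown sender: run SA

# Constructed records: query name -> A answers.
RECORDS = {
    "10.2.0.192.white.example": ["127.0.0.2"],
    "20.2.0.192.yellow.example": ["127.0.0.2"],
    "20.2.0.192.black.example": ["127.0.0.2"],   # ISP relay that also got blacklisted
    "30.2.0.192.black.example": ["127.0.0.2"],
}

def make_resolver(log):
    """Resolver over RECORDS that logs each query name."""
    def resolve(name):
        log.append(name)
        return RECORDS.get(name, [])
    return resolve
```

Passing the full set of blacklists a site uses as `blacklists` makes the yellow-list short-circuit apply to all of them, which is where the false-positive reduction comes from.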


RE: New DNS Black list, White List, Yellow List

Posted by Brent Kennedy <br...@cfl.rr.com>.
 I like the idea.. But based on its current setup, spammers who probably
read this list, will most likely just feed good feedback about their mail
servers through those servers and corrupt the data.  You would need to have
some sort of login and a way to track what was put in the database so if you
determined that one of the users was corrupting the data, you could reverse
what they did.

Plus I don't see any method in there for people who have been blacklisted by
mistake (I know it's rare) to get themselves off.

I also think there should be some way to validate a user that's hard to
cheat but not as hard on the host to verify.

Maybe instead of a login, you could give them a hash that they put in their
submission script that is then input into the mysql db.  Just quickly
validate the hash and drop that in the row next to the entry.


-Brent



Quote: "Have you ever sneezed so hard your arms hurt?"

-----Original Message-----
From: John Andersen [mailto:jsa@pen.homeip.net] 
Sent: Saturday, July 22, 2006 9:53 PM
To: users@spamassassin.apache.org
Subject: Re: New DNS Black list, White List, Yellow List

On Saturday 22 July 2006 09:03, Marc Perkel wrote:
> Looking for people to try this out and for people who want to 
> participate in this new project. These lists do block spam, but more 
> importantly they are used to actively detect nonspam and reduce false 
> positives. Here's the details. I'm looking for some partners to help 
> feed data into the system as well as people to use it and let me know 
> how well it works.
>
> http://wiki.ctyme.com/index.php/Spam_DNS_Lists


Quoting:

 Unfortunately EFF can't get beyond listening to themselves echo their own
opinion to understand that the concepts behind AOL/Goodmail are at least
partially sound. The idea is to get the good email through.

--endquote.


Talk about echoing one's own opinion....

If your system is as well thought out as your championing of AOL it's
unlikely to be worth my time.

--
_____________________________________
John Andersen
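
Brent Kennedy's suggestion in the message above (a per-submitter hash checked on each submission and recorded with the entry so one submitter's data can be reversed), as an added example that is not part of the original thread. It assumes an HMAC as the hash, an in-memory list in place of the MySQL table, and stores the submitter id in each row rather than the hash itself; all names are hypothetical.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # placeholder; a real key is random and kept secret

def issue_token(submitter, key=SERVER_KEY):
    """Hash handed to a trusted submitter for use in their submission script."""
    return hmac.new(key, submitter.encode(), hashlib.sha256).hexdigest()

def token_ok(submitter, token, key=SERVER_KEY):
    """Cheap server-side check: recompute the HMAC and compare in constant time."""
    return hmac.compare_digest(issue_token(submitter, key).encode(), token.encode())

class ListStore:
    """In-memory stand-in for the database table of list entries."""
    def __init__(self):
        self.rows = []          # each row records who submitted it
        self.revoked = set()

    def submit(self, submitter, token, ip, listname):
        if submitter in self.revoked or not token_ok(submitter, token):
            return False
        self.rows.append({"ip": ip, "list": listname, "by": submitter})
        return True

    def revert(self, submitter):
        """Revoke a submitter and remove everything they fed in; returns rows removed."""
        self.revoked.add(submitter)
        kept = [r for r in self.rows if r["by"] != submitter]
        removed = len(self.rows) - len(kept)
        self.rows = kept
        return removed

    def lists_for(self, ip):
        return sorted({r["list"] for r in self.rows if r["ip"] == ip})
```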



Re: New DNS Black list, White List, Yellow List

Posted by John Andersen <js...@pen.homeip.net>.
On Saturday 22 July 2006 09:03, Marc Perkel wrote:
> Looking for people to try this out and for people who want to
> participate in this new project. These lists do block spam, but more
> importantly they are used to actively detect nonspam and reduce false
> positives. Here's the details. I'm looking for some partners to help
> feed data into the system as well as people to use it and let me know how
> well it works.
>
> http://wiki.ctyme.com/index.php/Spam_DNS_Lists


Quoting:

 Unfortunately EFF can't get beyond listening to themselves echo their own 
opinion to understand that the concepts behind AOL/Goodmail are at least 
partially sound. The idea is to get the good email through.

--endquote.


Talk about echoing one's own opinion....

If your system is as well thought out as your championing of AOL
it's unlikely to be worth my time.

-- 
_____________________________________
John Andersen