Posted to users@spamassassin.apache.org by "MailBlacklist.com Management" <ma...@mailblacklist.com> on 2015/08/17 14:38:58 UTC

MailBlacklist.com Integration Testing Phase

---- Spam Assassin & MailBlacklist.com Integration Testing Phase 1 ----

We would like to welcome users of the Spam Assassin project to test our
high availability DNS-RBL / DNS-RWL within their configurations.

--- Configuration Below ---


ifplugin Mail::SpamAssassin::Plugin::DNSEval
## MailBlacklist.com Spam sources
header __RCVD_IN_MAILBLCOM_B    eval:check_rbl('mailblcom-lastexternal', 'service.mailblacklist.com.')
tflags __RCVD_IN_MAILBLCOM_B    net

## MailWhitelist.com Ham sources
header __RCVD_IN_MAILBLCOM_W    eval:check_rbl('mailblcom-firsttrusted', 'service.mailwhitelist.com.')
tflags __RCVD_IN_MAILBLCOM_W    net

##### MailBlacklist.com Definitions - Bad senders
# Definitions - Bad senders
header __RCVD_IN_MAILBLCOM_S    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.2')
describe __RCVD_IN_MAILBLCOM_S    Listed at MailBlacklist.com, Generic Blacklist Listing (-2)
tflags __RCVD_IN_MAILBLCOM_S    net

header RCVD_IN_MAILBLCOM_B5    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.6')
describe RCVD_IN_MAILBLCOM_B5    Listed at MailBlacklist.com, Very Bad Reputation Sender (-5)
tflags RCVD_IN_MAILBLCOM_B5    net

header RCVD_IN_MAILBLCOM_B4    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.7')
describe RCVD_IN_MAILBLCOM_B4    Listed at MailBlacklist.com, Bad Reputation Sender (-4)
tflags RCVD_IN_MAILBLCOM_B4    net

header RCVD_IN_MAILBLCOM_B3    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.8')
describe RCVD_IN_MAILBLCOM_B3    Listed at MailBlacklist.com, Low Reputation Sender (-3)
tflags RCVD_IN_MAILBLCOM_B3    net

header RCVD_IN_MAILBLCOM_B2    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.9')
describe RCVD_IN_MAILBLCOM_B2    Listed at MailBlacklist.com, Suspicious Sender (-2)
tflags RCVD_IN_MAILBLCOM_B2    net

# MailWhitelist.com Definitions - Good senders
header RCVD_IN_MAILBLCOM_W5    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.3$')
describe RCVD_IN_MAILBLCOM_W5    Listed at MailWhitelist.com, High Confidence Sender (+5)
tflags RCVD_IN_MAILBLCOM_W5    nice net

header RCVD_IN_MAILBLCOM_W4    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.2$')
describe RCVD_IN_MAILBLCOM_W4    Listed at MailWhitelist.com, Medium Confidence Sender (+4)
tflags RCVD_IN_MAILBLCOM_W4    nice net

header RCVD_IN_MAILBLCOM_W3    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.1$')
describe RCVD_IN_MAILBLCOM_W3    Listed at MailWhitelist.com, Low Confidence Sender (+3)
tflags RCVD_IN_MAILBLCOM_W3    nice net

header RCVD_IN_MAILBLCOM_W2    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.0$')
describe RCVD_IN_MAILBLCOM_W2    Listed at MailWhitelist.com, No Confidence Sender (+2)
tflags RCVD_IN_MAILBLCOM_W2    nice net

meta __RCVD_IN_MAILBLCOM_BL    RCVD_IN_MAILBLCOM_B5 || RCVD_IN_MAILBLCOM_B4 || RCVD_IN_MAILBLCOM_B3
tflags __RCVD_IN_MAILBLCOM_BL    net

meta RCVD_IN_MAILBLCOM_SBI        __RCVD_IN_MAILBLCOM_S && !__RCVD_IN_MAILBLCOM_BL
tflags RCVD_IN_MAILBLCOM_SBI    net

# MailBlacklist.com Bad
meta RCVD_IN_MAILBLCOM_BL        RCVD_IN_MAILBLCOM_B5 || RCVD_IN_MAILBLCOM_B4 || RCVD_IN_MAILBLCOM_B3 || __RCVD_IN_MAILBLCOM_S
describe RCVD_IN_MAILBLCOM_BL    MailBlacklist.com Bad Senders
tflags RCVD_IN_MAILBLCOM_BL    net

# MailWhitelist.com Good
meta RCVD_IN_MAILBLCOM_WL        RCVD_IN_MAILBLCOM_W5 || RCVD_IN_MAILBLCOM_W4 || RCVD_IN_MAILBLCOM_W3
describe RCVD_IN_MAILBLCOM_WL    MailWhitelist.com Good Senders
tflags RCVD_IN_MAILBLCOM_WL    nice net

endif

Re: MailBlacklist.com Integration Testing Phase

Posted by Robert Schetterer <rs...@sys4.de>.
On 18.08.2015 at 12:27, Axb wrote:
> This is becoming highly offtopic.
> 
> Don't think the SA list is the ideal place to promote services, no
> matter how well meant it all may be.
> 
> At this point you should stop turning this list into your support/dev
> channel, and run your own mailing list. Interested followers will
> subscribe.
> 
> Axb
> Apache SpamAssassin PMC

Agree, also MailBlacklist.com should make public
who they are, their whois info is not enough to trust and use
them as rbl


> 
> On 18.08.2015 11:48, MailBlacklist.com Management wrote:
>> Good Morning,
>>
>> @David - Thank you for your feedback 127.0.0.2 is now back in our RBL. It
>> was removed yesterday while we were updating our response codes, getting
>> ready for our announcement of another major feed provider.
>>
>> @Noel - You are right there are some feeds we cannot disclose due to
>> NDA's
>> being signed and others that have been in the anti-spam game for several
>> years which will be announced soon.
>>
>> --------
>>
>> We can understand people may be a little skeptical at first and maybe
>> this
>> post on @users was a little premature. But when we have made the
>> announcement on what feeds, services, groups and personnel are behind
>> this
>> service. Those of which have some of the highest credibility within this
>> space, your views may be a lot different.
>>
>> Regards,
>> MailBlacklist.com Management.
>>
>> On Tue, Aug 18, 2015 at 7:15 AM, Axb <ax...@gmail.com> wrote:
>>
>>> On 17.08.2015 23:03, Bill Cole wrote:
>>>
>>>> On 17 Aug 2015, at 9:26, Axb wrote:
>>>>
>>>> On 17.08.2015 15:19, MailBlacklist.com Management wrote:
>>>>>
>>>>>> MailBlacklist.com is a non-profit RBL & RWL Provider based in the UK
>>>>>> who
>>>>>> is providing many ISPs globally with free to use DNS Lookup services.
>>>>>>
>>>>>
>>>>> domain's Creation Date: 2015-08-04
>>>>> under what name/brand have you been "providing many ISPs globally with
>>>>> free to use DNS Lookup services"
>>>>>
>>>>> We are happy to answer any questions you may have. We will also seek
>>>>>> permission to disclose our Spam Feed Providers to give you a
>>>>>> little bit
>>>>>> more information on where our feeds come from.
>>>>>>
>>>>>>
>>>>> I wish you luck with your project - personally, I don't use services
>>>>> unless I know who's behind them.
>>>>>
>>>>
>>>> +1
>>>>
>>>> Also unhelpful in fostering trust:
>>>>
>>>> 1. Registered anonymously through GoDaddy/Domains By Proxy.
>>>> 2. "About Us" page simply isn't that. It's a stream of baseless
>>>> assertions about the services.
>>>> 3. Site needs a spell-check.
>>>> 4. No SOA for the domains used for listings, just single (!) NS
>>>> records,
>>>> each resolving to a single IP.
>>>> 5. The IPs pointed to by those NS records are allocated to the
>>>> notoriously spam-friendly & botnet-friendly slum-hoster OVH.
>>>>
>>>> People new to DNSBLs should understand that all of the most widely-used
>>>> DNSBLs were started by people or organizations with pre-existing
>>>> reputations for competence and integrity in the community of
>>>> professional email admins and/or anti-spam activists. Carefully
>>>> protected anonymity, sloppiness, and shoddy DNS is a poor starting
>>>> point.
>>>>
>>>
>>> Looking into "Help us" I see a familiar looking "You can help us put a
>>> stop to spammers by donating your MX Records to us."
>>>
>>> this has a slight "Perkel_ian" touch which makes me wonder...
>>>
>>>
>>>
>>
> 



Best Regards
Kind regards, Robert Schetterer

-- 
[*] sys4 AG

http://sys4.de, +49 (89) 30 90 46 64
Franziskanerstraße 15, 81669 München

Registered office: München, Amtsgericht München (district court): HRB 199263
Executive Board: Patrick Ben Koetter, Marc Schiffbauer
Chairman of the Supervisory Board: Florian Kirstein

Re: MailBlacklist.com Integration Testing Phase

Posted by Axb <ax...@gmail.com>.
This is becoming highly offtopic.

Don't think the SA list is the ideal place to promote services, no 
matter how well meant it all may be.

At this point you should stop turning this list into your support/dev 
channel, and run your own mailing list. Interested followers will subscribe.

Axb
Apache SpamAssassin PMC

On 18.08.2015 11:48, MailBlacklist.com Management wrote:
> Good Morning,
>
> @David - Thank you for your feedback 127.0.0.2 is now back in our RBL. It
> was removed yesterday while we were updating our response codes, getting
> ready for our announcement of another major feed provider.
>
> @Noel - You are right there are some feeds we cannot disclose due to NDA's
> being signed and others that have been in the anti-spam game for several
> years which will be announced soon.
>
> --------
>
> We can understand people may be a little skeptical at first and maybe this
> post on @users was a little premature. But when we have made the
> announcement on what feeds, services, groups and personnel are behind this
> service. Those of which have some of the highest credibility within this
> space, your views may be a lot different.
>
> Regards,
> MailBlacklist.com Management.
>
> On Tue, Aug 18, 2015 at 7:15 AM, Axb <ax...@gmail.com> wrote:
>
>> On 17.08.2015 23:03, Bill Cole wrote:
>>
>>> On 17 Aug 2015, at 9:26, Axb wrote:
>>>
>>> On 17.08.2015 15:19, MailBlacklist.com Management wrote:
>>>>
>>>>> MailBlacklist.com is a non-profit RBL & RWL Provider based in the UK
>>>>> who
>>>>> is providing many ISPs globally with free to use DNS Lookup services.
>>>>>
>>>>
>>>> domain's Creation Date: 2015-08-04
>>>> under what name/brand have you been "providing many ISPs globally with
>>>> free to use DNS Lookup services"
>>>>
>>>> We are happy to answer any questions you may have. We will also seek
>>>>> permission to disclose our Spam Feed Providers to give you a little bit
>>>>> more information on where our feeds come from.
>>>>>
>>>>>
>>>> I wish you luck with your project - personally, I don't use services
>>>> unless I know who's behind them.
>>>>
>>>
>>> +1
>>>
>>> Also unhelpful in fostering trust:
>>>
>>> 1. Registered anonymously through GoDaddy/Domains By Proxy.
>>> 2. "About Us" page simply isn't that. It's a stream of baseless
>>> assertions about the services.
>>> 3. Site needs a spell-check.
>>> 4. No SOA for the domains used for listings, just single (!) NS records,
>>> each resolving to a single IP.
>>> 5. The IPs pointed to by those NS records are allocated to the
>>> notoriously spam-friendly & botnet-friendly slum-hoster OVH.
>>>
>>> People new to DNSBLs should understand that all of the most widely-used
>>> DNSBLs were started by people or organizations with pre-existing
>>> reputations for competence and integrity in the community of
>>> professional email admins and/or anti-spam activists. Carefully
>>> protected anonymity, sloppiness, and shoddy DNS is a poor starting point.
>>>
>>
>> Looking into "Help us" I see a familiar looking "You can help us put a
>> stop to spammers by donating your MX Records to us."
>>
>> this has a slight "Perkel_ian" touch which makes me wonder...
>>
>>
>>
>


Re: MailBlacklist.com Integration Testing Phase

Posted by Reindl Harald <h....@thelounge.net>.
On 18.08.2015 at 11:48, MailBlacklist.com Management wrote:
> Good Morning,
>
> @David - Thank you for your feedback 127.0.0.2 is now back in our RBL.
> It was removed yesterday while we were updating our response codes,
> getting ready for our announcement of another major feed provider.
>
> @Noel - You are right there are some feeds we cannot disclose due to
> NDA's being signed and others that have been in the anti-spam game for
> several years which will be announced soon.

well, the sources are an important point because if you aggregate data 
to your DNSBL which is shared with other public DNSBLs it may raise 
false positives because two RBLs add scores while in fact the source was 
unique

> We can understand people may be a little skeptical at first and maybe
> this post on @users was a little premature. But when we have made the
> announcement on what feeds, services, groups and personnel are behind
> this service. Those of which have some of the highest credibility within
> this space, your views may be a lot different.
>
> Regards,
> MailBlacklist.com Management.
>
> On Tue, Aug 18, 2015 at 7:15 AM, Axb <axb.lists@gmail.com
> <ma...@gmail.com>> wrote:
>
>     On 17.08.2015 23:03, Bill Cole wrote:
>
>         On 17 Aug 2015, at 9:26, Axb wrote:
>
>             On 17.08.2015 15:19, MailBlacklist.com Management wrote:
>
>                 MailBlacklist.com is a non-profit RBL & RWL Provider
>                 based in the UK
>                 who
>                 is providing many ISPs globally with free to use DNS
>                 Lookup services.
>
>
>             domain's Creation Date: 2015-08-04
>             under what name/brand have you been "providing many ISPs
>             globally with
>             free to use DNS Lookup services"
>
>                 We are happy to answer any questions you may have. We
>                 will also seek
>                 permission to disclose our Spam Feed Providers to give
>                 you a little bit
>                 more information on where our feeds come from.
>
>
>             I wish you luck with your project - personally, I don't use
>             services
>             unless I know who's behind them.
>
>
>         +1
>
>         Also unhelpful in fostering trust:
>
>         1. Registered anonymously through GoDaddy/Domains By Proxy.
>         2. "About Us" page simply isn't that. It's a stream of baseless
>         assertions about the services.
>         3. Site needs a spell-check.
>         4. No SOA for the domains used for listings, just single (!) NS
>         records,
>         each resolving to a single IP.
>         5. The IPs pointed to by those NS records are allocated to the
>         notoriously spam-friendly & botnet-friendly slum-hoster OVH.
>
>         People new to DNSBLs should understand that all of the most
>         widely-used
>         DNSBLs were started by people or organizations with pre-existing
>         reputations for competence and integrity in the community of
>         professional email admins and/or anti-spam activists. Carefully
>         protected anonymity, sloppiness, and shoddy DNS is a poor
>         starting point.
>
>
>     Looking into "Help us" I see a familiar looking "You can help us put
>     a stop to spammers by donating your MX Records to us."
>
>     this has a slight "Perkel_ian" touch which makes me wonder...


Re: MailBlacklist.com Integration Testing Phase

Posted by Dianne Skoll <df...@roaringpenguin.com>.
On Tue, 18 Aug 2015 10:48:54 +0100
"MailBlacklist.com Management" <ma...@mailblacklist.com> wrote:

> Regards,
> MailBlacklist.com Management.

Really?  That's your name?

This sounds very fishy, sorry.

Regards,

Dianne.

Re: MailBlacklist.com Integration Testing Phase

Posted by "MailBlacklist.com Management" <ma...@mailblacklist.com>.
Good Morning,

@David - Thank you for your feedback 127.0.0.2 is now back in our RBL. It
was removed yesterday while we were updating our response codes, getting
ready for our announcement of another major feed provider.

@Noel - You are right there are some feeds we cannot disclose due to NDA's
being signed and others that have been in the anti-spam game for several
years which will be announced soon.

--------

We can understand people may be a little skeptical at first and maybe this
post on @users was a little premature. But when we have made the
announcement on what feeds, services, groups and personnel are behind this
service. Those of which have some of the highest credibility within this
space, your views may be a lot different.

Regards,
MailBlacklist.com Management.

On Tue, Aug 18, 2015 at 7:15 AM, Axb <ax...@gmail.com> wrote:

> On 17.08.2015 23:03, Bill Cole wrote:
>
>> On 17 Aug 2015, at 9:26, Axb wrote:
>>
>> On 17.08.2015 15:19, MailBlacklist.com Management wrote:
>>>
>>>> MailBlacklist.com is a non-profit RBL & RWL Provider based in the UK
>>>> who
>>>> is providing many ISPs globally with free to use DNS Lookup services.
>>>>
>>>
>>> domain's Creation Date: 2015-08-04
>>> under what name/brand have you been "providing many ISPs globally with
>>> free to use DNS Lookup services"
>>>
>>> We are happy to answer any questions you may have. We will also seek
>>>> permission to disclose our Spam Feed Providers to give you a little bit
>>>> more information on where our feeds come from.
>>>>
>>>>
>>> I wish you luck with your project - personally, I don't use services
>>> unless I know who's behind them.
>>>
>>
>> +1
>>
>> Also unhelpful in fostering trust:
>>
>> 1. Registered anonymously through GoDaddy/Domains By Proxy.
>> 2. "About Us" page simply isn't that. It's a stream of baseless
>> assertions about the services.
>> 3. Site needs a spell-check.
>> 4. No SOA for the domains used for listings, just single (!) NS records,
>> each resolving to a single IP.
>> 5. The IPs pointed to by those NS records are allocated to the
>> notoriously spam-friendly & botnet-friendly slum-hoster OVH.
>>
>> People new to DNSBLs should understand that all of the most widely-used
>> DNSBLs were started by people or organizations with pre-existing
>> reputations for competence and integrity in the community of
>> professional email admins and/or anti-spam activists. Carefully
>> protected anonymity, sloppiness, and shoddy DNS is a poor starting point.
>>
>
> Looking into "Help us" I see a familiar looking "You can help us put a
> stop to spammers by donating your MX Records to us."
>
> this has a slight "Perkel_ian" touch which makes me wonder...
>
>
>

Re: MailBlacklist.com Integration Testing Phase

Posted by Axb <ax...@gmail.com>.
On 17.08.2015 23:03, Bill Cole wrote:
> On 17 Aug 2015, at 9:26, Axb wrote:
>
>> On 17.08.2015 15:19, MailBlacklist.com Management wrote:
>>> MailBlacklist.com is a non-profit RBL & RWL Provider based in the UK
>>> who
>>> is providing many ISPs globally with free to use DNS Lookup services.
>>
>> domain's Creation Date: 2015-08-04
>> under what name/brand have you been "providing many ISPs globally with
>> free to use DNS Lookup services"
>>
>>> We are happy to answer any questions you may have. We will also seek
>>> permission to disclose our Spam Feed Providers to give you a little bit
>>> more information on where our feeds come from.
>>>
>>
>> I wish you luck with your project - personally, I don't use services
>> unless I know who's behind them.
>
> +1
>
> Also unhelpful in fostering trust:
>
> 1. Registered anonymously through GoDaddy/Domains By Proxy.
> 2. "About Us" page simply isn't that. It's a stream of baseless
> assertions about the services.
> 3. Site needs a spell-check.
> 4. No SOA for the domains used for listings, just single (!) NS records,
> each resolving to a single IP.
> 5. The IPs pointed to by those NS records are allocated to the
> notoriously spam-friendly & botnet-friendly slum-hoster OVH.
>
> People new to DNSBLs should understand that all of the most widely-used
> DNSBLs were started by people or organizations with pre-existing
> reputations for competence and integrity in the community of
> professional email admins and/or anti-spam activists. Carefully
> protected anonymity, sloppiness, and shoddy DNS is a poor starting point.

Looking into "Help us" I see a familiar looking "You can help us put a 
stop to spammers by donating your MX Records to us."

this has a slight "Perkel_ian" touch which makes me wonder...



Re: MailBlacklist.com Integration Testing Phase

Posted by Reindl Harald <h....@thelounge.net>.
On 17.08.2015 at 23:47, MailBlacklist.com Management wrote:
> Thank you for your feedback, Points 1-5 are being addressed and will be
> very transparent within the next working week.
>
> Once that information is available to public we will release an update
> to this feed.

honestly my problem is starting post with "our high availability DNS-RBL 
/ DNS-RWL" and point 4 at the same time

> On Mon, Aug 17, 2015 at 10:03 PM, Bill Cole
> <sausers-20150205@billmail.scconsult.com
> <ma...@billmail.scconsult.com>> wrote:
>
>     On 17 Aug 2015, at 9:26, Axb wrote:
>
>         On 17.08.2015 15:19, MailBlacklist.com Management wrote:
>
>             MailBlacklist.com is a non-profit RBL & RWL Provider based
>             in the UK who
>             is providing many ISPs globally with free to use DNS Lookup
>             services.
>
>
>         domain's Creation Date: 2015-08-04
>         under what name/brand have you been "providing many ISPs
>         globally with free to use DNS Lookup services"
>
>             We are happy to answer any questions you may have. We will
>             also seek
>             permission to disclose our Spam Feed Providers to give you a
>             little bit
>             more information on where our feeds come from.
>
>
>         I wish you luck with your project - personally, I don't use
>         services unless I know who's behind them.
>
>
>     +1
>
>     Also unhelpful in fostering trust:
>
>     1. Registered anonymously through GoDaddy/Domains By Proxy.
>     2. "About Us" page simply isn't that. It's a stream of baseless
>     assertions about the services.
>     3. Site needs a spell-check.
>     4. No SOA for the domains used for listings, just single (!) NS
>     records, each resolving to a single IP.
>     5. The IPs pointed to by those NS records are allocated to the
>     notoriously spam-friendly & botnet-friendly slum-hoster OVH.
>
>     People new to DNSBLs should understand that all of the most
>     widely-used DNSBLs were started by people or organizations with
>     pre-existing reputations for competence and integrity in the
>     community of professional email admins and/or anti-spam activists.
>     Carefully protected anonymity, sloppiness, and shoddy DNS is a poor
>     starting point.


Re: MailBlacklist.com Integration Testing Phase

Posted by "MailBlacklist.com Management" <ma...@mailblacklist.com>.
Thank you for your feedback, Points 1-5 are being addressed and will be
very transparent within the next working week.

Once that information is available to public we will release an update to
this feed.

On Mon, Aug 17, 2015 at 10:03 PM, Bill Cole <
sausers-20150205@billmail.scconsult.com> wrote:

> On 17 Aug 2015, at 9:26, Axb wrote:
>
> On 17.08.2015 15:19, MailBlacklist.com Management wrote:
>>
>>> MailBlacklist.com is a non-profit RBL & RWL Provider based in the UK who
>>> is providing many ISPs globally with free to use DNS Lookup services.
>>>
>>
>> domain's Creation Date: 2015-08-04
>> under what name/brand have you been "providing many ISPs globally with
>> free to use DNS Lookup services"
>>
>> We are happy to answer any questions you may have. We will also seek
>>> permission to disclose our Spam Feed Providers to give you a little bit
>>> more information on where our feeds come from.
>>>
>>>
>> I wish you luck with your project - personally, I don't use services
>> unless I know who's behind them.
>>
>
> +1
>
> Also unhelpful in fostering trust:
>
> 1. Registered anonymously through GoDaddy/Domains By Proxy.
> 2. "About Us" page simply isn't that. It's a stream of baseless assertions
> about the services.
> 3. Site needs a spell-check.
> 4. No SOA for the domains used for listings, just single (!) NS records,
> each resolving to a single IP.
> 5. The IPs pointed to by those NS records are allocated to the notoriously
> spam-friendly & botnet-friendly slum-hoster OVH.
>
> People new to DNSBLs should understand that all of the most widely-used
> DNSBLs were started by people or organizations with pre-existing
> reputations for competence and integrity in the community of professional
> email admins and/or anti-spam activists. Carefully protected anonymity,
> sloppiness, and shoddy DNS is a poor starting point.
>

Re: MailBlacklist.com Integration Testing Phase

Posted by Bill Cole <sa...@billmail.scconsult.com>.
On 17 Aug 2015, at 9:26, Axb wrote:

> On 17.08.2015 15:19, MailBlacklist.com Management wrote:
>> MailBlacklist.com is a non-profit RBL & RWL Provider based in the UK
>> who
>> is providing many ISPs globally with free to use DNS Lookup services.
>
> domain's Creation Date: 2015-08-04
> under what name/brand have you been "providing many ISPs globally with 
> free to use DNS Lookup services"
>
>> We are happy to answer any questions you may have. We will also seek
>> permission to disclose our Spam Feed Providers to give you a little 
>> bit
>> more information on where our feeds come from.
>>
>
> I wish you luck with your project - personally, I don't use services 
> unless I know who's behind them.

+1

Also unhelpful in fostering trust:

1. Registered anonymously through GoDaddy/Domains By Proxy.
2. "About Us" page simply isn't that. It's a stream of baseless 
assertions about the services.
3. Site needs a spell-check.
4. No SOA for the domains used for listings, just single (!) NS records, 
each resolving to a single IP.
5. The IPs pointed to by those NS records are allocated to the 
notoriously spam-friendly & botnet-friendly slum-hoster OVH.

People new to DNSBLs should understand that all of the most widely-used 
DNSBLs were started by people or organizations with pre-existing 
reputations for competence and integrity in the community of 
professional email admins and/or anti-spam activists. Carefully 
protected anonymity, sloppiness, and shoddy DNS is a poor starting
point.

Re: MailBlacklist.com Integration Testing Phase

Posted by Axb <ax...@gmail.com>.
On 17.08.2015 15:19, MailBlacklist.com Management wrote:
> MailBlacklist.com is a non-profit RBL & RWL Provider based in the UK who
> is providing many ISPs globally with free to use DNS Lookup services.

domain's Creation Date: 2015-08-04
under what name/brand have you been "providing many ISPs globally with 
free to use DNS Lookup services"

> We are happy to answer any questions you may have. We will also seek
> permission to disclose our Spam Feed Providers to give you a little bit
> more information on where our feeds come from.
>

I wish you luck with your project - personally, I don't use services 
unless I know who's behind them.

Axb



Re: MailBlacklist.com Integration Testing Phase

Posted by "MailBlacklist.com Management" <ma...@mailblacklist.com>.
MailBlacklist.com is a non-profit RBL & RWL Provider based in the UK who
is providing many ISPs globally with free to use DNS Lookup services.

We are happy to answer any questions you may have. We will also seek
permission to disclose our Spam Feed Providers to give you a little bit
more information on where our feeds come from.

Here is a little information on both our lookup zones:

*The MailWhitelist Service*

Our Whitelist DNS Server (DNSWL) will only contain services, networks,
companies or legitimate senders who are proven / believed to practise only
the best of email standards. Response grades of the whitelisted addresses
are based on their prompt effectiveness to deal with any kind of abuse that
may reside in their network. The whitelist service ensures legitimate
senders are protected from false positives in a world of heavy spam
filtering.

The majority of today's whitelists only provide a single result. Whether the
URL/Host has been whitelisted or not, we do not believe this is ideal. Which
is why we provide a response based on what industry the sender/company is
categorised under and an overall grade to go with it. This allows you to
decide what email to accept as whitelisted.

We have also found that once senders are listed on other whitelists they
are not proactively checked after the initial on-boarding and they rely on
abuse complaints to tell them otherwise. This is also not ideal when
providing a service which vouches for a legitimate sender.
MailWhitelist.com proactively check all whitelisted senders to ensure they
keep up their good mailing practices and remove or regrade any sender whose
practices have degraded.

*The MailBlacklist Service*

Our Blacklist DNS Server (DNSRBL) contains addresses and networks that have
been compromised by spam and/or abuse. The DNSBL ensures URLS/Hosts who are
abusing their email services are listed so that providers/services can
protect their users or service from these senders.

The Blacklist service also grades these senders from the occasional spammer
to the more extreme abusers. Allowing you to make an informed decision
whether to block or continue filtering the email. The Sender/Host grades are
provided to your service by 4 different DNS response codes.

Here at MailBlacklist we have several sources which provide us data on
potential email abusers. Ensuring a large coverage to help prevent spam on
your networks. We also keep all historic listing data which will help
determine the sender's abuse level allowing you to block historic or current
abusers.

On Mon, Aug 17, 2015 at 1:56 PM, Axb <ax...@gmail.com> wrote:

> On 17.08.2015 14:38, MailBlacklist.com Management wrote:
>
>> We would like to welcome users of the Spam Assassin project to test our
>> high availability DNS-RBL / DNS-RWL within their configurations.
>>
>
> whois is "we"
>
>
>
>
>

Re: MailBlacklist.com Integration Testing Phase

Posted by Axb <ax...@gmail.com>.
On 17.08.2015 14:38, MailBlacklist.com Management wrote:
> We would like to welcome users of the Spam Assassin project to test our
> high availability DNS-RBL / DNS-RWL within their configurations.

whois is "we"





Re: MailBlacklist.com Integration Testing Phase

Posted by David B Funk <db...@engineering.uiowa.edu>.
On Mon, 17 Aug 2015, MailBlacklist.com Management wrote:

> ---- Spam Assassin & MailBlacklist.com Integration Testing Phase 1 ----
> 
> We would like to welcome users of the Spam Assassin project to test our high availability DNS-RBL / DNS-RWL within their
> configurations.
> 
[snip..]

For DNS-RBLs it is considered best-practice to include a guaranteed "test-point" 
entry which can be relied upon for testing. Current convention is to use the 
address: 127.0.0.2
(IE any DNS-RBL lookup of the address 127.0.0.2 should always return an 
active response).
This can be used for manual trouble-shooting and automated detection of 
functioning DNS-RBLs.

It looks like you have such a test-point entry for your DNS-RBL 
service.mailwhitelist.com but lack such for service.mailblacklist.com.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
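
As an added illustration of the test-point convention described in the message above (not code from the thread or from SpamAssassin), the Python below builds the reversed-octet query name and classifies a zone by how it answers for 127.0.0.2. It goes slightly beyond the message by also checking that 127.0.0.1 is not listed and that answers stay inside 127.0.0.0/8, as RFC 5782 expects; the function names, the injectable resolver and the sample answers are assumptions constructed for the example.

```python
import ipaddress
import socket


def dnsbl_qname(ip, zone):
    """Query name for an IPv4 DNSBL lookup: octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".") + "."


def system_resolver(qname):
    """A records for qname via the system resolver; [] if nothing resolves.

    Caveat: NXDOMAIN, SERVFAIL and timeouts all collapse to [] here, which is
    the ambiguity the 127.0.0.2 test point exists to remove.
    """
    try:
        return socket.gethostbyname_ex(qname)[2]
    except OSError:
        return []


def check_test_point(zone, resolve=system_resolver):
    """Classify a DNSBL/DNSWL zone by its answers for the two test addresses."""
    positive = resolve(dnsbl_qname("127.0.0.2", zone))  # must be listed
    negative = resolve(dnsbl_qname("127.0.0.1", zone))  # must not be listed
    if not positive:
        status = "no-test-point"     # dead zone, unreachable NS, or entry missing
    elif not all(ipaddress.ip_address(a).is_loopback for a in positive):
        status = "bogus-answer"      # e.g. wildcarded or parked domain
    elif negative:
        status = "lists-everything"  # every lookup would look like a hit
    else:
        status = "ok"
    return {"zone": zone, "status": status, "answers": positive}


# Constructed answers, not live DNS data. The first two zones model the state
# reported in the message (test point present on one zone, absent on the
# other); the .example zones are hypothetical failure cases.
CONSTRUCTED_ZONE_DATA = {
    "2.0.0.127.service.mailwhitelist.com.": ["127.0.0.2"],
    "2.0.0.127.parked.example.": ["192.0.2.10"],
    "1.0.0.127.parked.example.": ["192.0.2.10"],
    "2.0.0.127.listall.example.": ["127.0.0.2"],
    "1.0.0.127.listall.example.": ["127.0.0.2"],
}


def constructed_resolver(qname):
    """Offline stand-in for a resolver, backed by the constructed table."""
    return CONSTRUCTED_ZONE_DATA.get(qname, [])


if __name__ == "__main__":
    for zone in ("service.mailwhitelist.com.", "service.mailblacklist.com.",
                 "parked.example.", "listall.example."):
        result = check_test_point(zone, constructed_resolver)
        print(f"{result['zone']:30} {result['status']:17} {result['answers']}")
```

A filter host can run this check against each configured zone at startup and on a schedule, and stop scoring on any zone whose status is not "ok".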

Re: MailBlacklist.com Integration Testing Phase

Posted by "MailBlacklist.com Management" <ma...@mailblacklist.com>.
Attached Txt File with Configuration for MailBlacklist.com

On Mon, Aug 17, 2015 at 1:38 PM, MailBlacklist.com Management <
management@mailblacklist.com> wrote:

> ---- Spam Assassin & MailBlacklist.com Integration Testing Phase 1 ----
>
> We would like to welcome users of the Spam Assassin project to test our
> high availability DNS-RBL / DNS-RWL within their configurations.
>
> --- Configuration Below ---
>
>
> ifplugin Mail::SpamAssassin::Plugin::DNSEval
> ## MailBlacklist.com Spam sources
> header __RCVD_IN_MAILBLCOM_B    eval:check_rbl('mailblcom-lastexternal', 'service.mailblacklist.com.')
> tflags __RCVD_IN_MAILBLCOM_B    net
>
> ## MailWhitelist.com Ham sources
> header __RCVD_IN_MAILBLCOM_W    eval:check_rbl('mailblcom-firsttrusted', 'service.mailwhitelist.com.')
> tflags __RCVD_IN_MAILBLCOM_W    net
>
> ##### MailBlacklist.com Definitions - Bad senders
> # Definitions - Bad senders
> header __RCVD_IN_MAILBLCOM_S    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.2')
> describe __RCVD_IN_MAILBLCOM_S    Listed at MailBlacklist.com, Generic Blacklist Listing (-2)
> tflags __RCVD_IN_MAILBLCOM_S    net
>
> header RCVD_IN_MAILBLCOM_B5    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.6')
> describe RCVD_IN_MAILBLCOM_B5    Listed at MailBlacklist.com, Very Bad Reputation Sender (-5)
> tflags RCVD_IN_MAILBLCOM_B5    net
>
> header RCVD_IN_MAILBLCOM_B4    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.7')
> describe RCVD_IN_MAILBLCOM_B4    Listed at MailBlacklist.com, Bad Reputation Sender (-4)
> tflags RCVD_IN_MAILBLCOM_B4    net
>
> header RCVD_IN_MAILBLCOM_B3    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.8')
> describe RCVD_IN_MAILBLCOM_B3    Listed at MailBlacklist.com, Low Reputation Sender (-3)
> tflags RCVD_IN_MAILBLCOM_B3    net
>
> header RCVD_IN_MAILBLCOM_B2    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.9')
> describe RCVD_IN_MAILBLCOM_B2    Listed at MailBlacklist.com, Suspicious Sender (-2)
> tflags RCVD_IN_MAILBLCOM_B2    net
>
> # MailWhitelist.com Definitions - Good senders
> header RCVD_IN_MAILBLCOM_W5    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.3$')
> describe RCVD_IN_MAILBLCOM_W5    Listed at MailWhitelist.com, High Confidence Sender (+5)
> tflags RCVD_IN_MAILBLCOM_W5    nice net
>
> header RCVD_IN_MAILBLCOM_W4    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.2$')
> describe RCVD_IN_MAILBLCOM_W4    Listed at MailWhitelist.com, Medium Confidence Sender (+4)
> tflags RCVD_IN_MAILBLCOM_W4    nice net
>
> header RCVD_IN_MAILBLCOM_W3    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.1$')
> describe RCVD_IN_MAILBLCOM_W3    Listed at MailWhitelist.com, Low Confidence Sender (+3)
> tflags RCVD_IN_MAILBLCOM_W3    nice net
>
> header RCVD_IN_MAILBLCOM_W2    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.0$')
> describe RCVD_IN_MAILBLCOM_W2    Listed at MailWhitelist.com, No Confidence Sender (+2)
> tflags RCVD_IN_MAILBLCOM_W2    nice net
>
> meta __RCVD_IN_MAILBLCOM_BL    RCVD_IN_MAILBLCOM_B5 || RCVD_IN_MAILBLCOM_B4 || RCVD_IN_MAILBLCOM_B3
> tflags __RCVD_IN_MAILBLCOM_BL    net
>
> meta RCVD_IN_MAILBLCOM_SBI        __RCVD_IN_MAILBLCOM_S && !__RCVD_IN_MAILBLCOM_BL
> tflags RCVD_IN_MAILBLCOM_SBI    net
>
> # MailBlacklist.com Bad
> meta RCVD_IN_MAILBLCOM_BL        RCVD_IN_MAILBLCOM_B5 ||
> RCVD_IN_MAILBLCOM_B4 || RCVD_IN_MAILBLCOM_B3 || __RCVD_IN_MAILBLCOM_S
> describe RCVD_IN_MAILBLCOM_BL    MailBlacklist.com Bad Senders
> tflags RCVD_IN_MAILBLCOM_BL    net
>
> # MailWhitelist.com Good
> meta RCVD_IN_MAILBLCOM_WL        RCVD_IN_MAILBLCOM_W5 ||
> RCVD_IN_MAILBLCOM_W4 || RCVD_IN_MAILBLCOM_W3
> describe RCVD_IN_MAILBLCOM_WL    MailWhitelist.com Good Senders
> tflags RCVD_IN_MAILBLCOM_WL    nice net
>
>   endif
>

Re: MailBlacklist.com Integration Testing Phase

Posted by "MailBlacklist.com Management" <ma...@mailblacklist.com>.
Hello Dave,

Thank you for testing our RBL/RWL Service. The IP in question above was
listed 23 hours ago due to hitting a pristine spam trap source more than 10
times within the same day. The listings are time based and are removed once
the timeout period has been exceeded or by manual delisting with remediation
actions. If the host continues to hit the spam traps / honeypot then the
timeout period is reset.

We would love to hear how your testing goes over the next few days and if
you have any issues please do let us know.

Best Regards,
MailBlacklist.com Team

On Mon, Aug 17, 2015 at 8:04 PM, David Jones <dj...@ena.com> wrote:

> *>From:* MailBlacklist.com Management <ma...@mailblacklist.com>
> *>Sent:* Monday, August 17, 2015 7:38 AM
> *>To:* users@spamassassin.apache.org
> *>Subject:* MailBlacklist.com Integration Testing Phase
>
> >---- Spam Assassin & MailBlacklist.com Integration Testing Phase 1 ----
>
> >We would like to welcome users of the Spam Assassin project to test our
> >high availability DNS-RBL / DNS-RWL within their configurations.
>
> Got these rules in testing with a score of 0.01.  I filter for about 100K
> mailboxes and I am not seeing reliable results.  I am seeing the majority
> of messages hit this BL being clean messages with a very low score.
>
> http://multirbl.valli.org/lookup/192.64.236.211.html
>
> The above IP was an email from hgtv.com from a reliable sender
> sailthru.com (valid unsubscribe process).  Note the other RBLs on the
> link above that match mailblacklist.com.  That IP was listed in DNSWL and
> Mailspike WLs that are usually pretty reliable.
>
> My MTA (Postfix with Postscreen) is knocking down most of the spam using
> other RBLs so what makes it to SpamAssassin is going to be 98 percent
> clean.  So far (it's early still for them and my testing), I don't think
> it's going to improve anything over Spamhaus and Invaluement RBLs and only
> produce a lot of false positives.
>
> I would like to hear from others that may be testing to see if our results
> are similar.
>
> Dave
>
>
>
>

Re: MailBlacklist.com Integration Testing Phase

Posted by David Jones <dj...@ena.com>.
>From: MailBlacklist.com Management <ma...@mailblacklist.com>

>Sent: Monday, August 17, 2015 7:38 AM
>To: users@spamassassin.apache.org
>Subject: MailBlacklist.com Integration Testing Phase

>---- Spam Assassin & MailBlacklist.com Integration Testing Phase 1 ----

>We would like to welcome users of the Spam Assassin project to test our high availability DNS-RBL / DNS-RWL within their configurations.

Got these rules in testing with a score of 0.01.  I filter for about 100K mailboxes and I am not seeing reliable results.  I am seeing the majority of messages hit this BL being clean messages with a very low score.

http://multirbl.valli.org/lookup/192.64.236.211.html

The above IP was an email from hgtv.com from a reliable sender sailthru.com (valid unsubscribe process).  Note the other RBLs on the link above that match mailblacklist.com.  That IP was listed in DNSWL and Mailspike WLs that are usually pretty reliable.

My MTA (Postfix with Postscreen) is knocking down most of the spam using other RBLs so what makes it to SpamAssassin is going to be 98 percent clean.  So far (it's early still for them and my testing), I don't think it's going to improve anything over Spamhaus and Invaluement RBLs and only produce a lot of false positives.

I would like to hear from others that may be testing to see if our results are similar.

Dave
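
One way to put numbers on the kind of trial described in the message above, as an added example (not part of the original post and not the poster's tooling). It assumes scan results are logged by spamd in its usual "result:" format; the log lines are constructed, and the whitelist rule names passed in are the stock SpamAssassin DNSWL and Mailspike rules.

```python
import re

# Constructed spamd "result:" lines (not from the thread). '.' = ham, 'Y' = spam.
SAMPLE_LOG = """\
Aug 17 20:01:11 mx spamd[811]: spamd: result: . 0 - DKIM_VALID,RCVD_IN_DNSWL_MED,RCVD_IN_MAILBLCOM_BL scantime=0.6,size=4100
Aug 17 20:01:40 mx spamd[811]: spamd: result: . -1 - RCVD_IN_MAILBLCOM_BL,RCVD_IN_MSPIKE_WL,SPF_PASS scantime=0.4,size=9120
Aug 17 20:02:05 mx spamd[812]: spamd: result: Y 12 - BAYES_99,RCVD_IN_MAILBLCOM_BL,URIBL_BLACK scantime=1.1,size=2210
Aug 17 20:02:31 mx spamd[812]: spamd: result: . 1 - HTML_MESSAGE,SPF_PASS scantime=0.3,size=15002
Aug 17 20:03:02 mx spamd[811]: spamd: result: . 2 - HTML_MESSAGE,RCVD_IN_MAILBLCOM_BL scantime=0.5,size=7300
"""

# verdict flag, rounded score, comma-separated list of rules that fired
RESULT_RE = re.compile(r"spamd: result: ([.Y]) (-?\d+) - (\S*) ")

def rbl_hit_report(log_text, rule, whitelist_rules):
    """Count how often `rule` fired on spam, on ham, and on ham that a
    trusted whitelist rule also vouched for (the strongest false-positive signal)."""
    report = {"scanned": 0, "hit": 0, "hit_spam": 0,
              "hit_ham": 0, "hit_ham_whitelisted": 0}
    for line in log_text.splitlines():
        m = RESULT_RE.search(line)
        if not m:
            continue  # not a scan-result line
        verdict, tests = m.group(1), set(m.group(3).split(","))
        report["scanned"] += 1
        if rule not in tests:
            continue
        report["hit"] += 1
        if verdict == "Y":
            report["hit_spam"] += 1
        else:
            report["hit_ham"] += 1
            if tests & set(whitelist_rules):
                report["hit_ham_whitelisted"] += 1
    # Share of the rule's hits that landed on mail the other rules judged clean.
    report["ham_share_pct"] = (
        round(100 * report["hit_ham"] / report["hit"]) if report["hit"] else 0)
    return report
```

Because the rule under test is scored at 0.01, the spam/ham verdict in each line is effectively decided by the other rules, which is what makes the comparison meaningful.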




Re: MailBlacklist.com Integration Testing Phase

Posted by Noel Butler <no...@ausics.net>.
 

On 18/08/2015 06:32, sebastian@debianfan.de wrote: 

> Where do you get your blacklist-data?
> 
> On 17.08.2015 at 14:38, MailBlacklist.com Management wrote:

In fairness to them, that might be commercially sensitive, for instance
the service I part manage uses internally gathered over many years,
until couple years ago when a service probably well known to many here I
can't name since it's under NDA, offered us a URI feed to add to it, so 2K
URIs became 10K, we since have a few more smaller URI lists sent to us
as well, and no, I won't tell you what our service is because that would
be spamming :D ... and maybe sending the spammers some ammunition.

As Bill rightly mentioned, using any BL service requires trust,
understanding, and acceptance of its workings and policies, since mine
is central to particular ISPs, although used by many now, it still has
listing policies that would never make the grade in SA, for me I prefer
the stricter policies, less spammers, less jackasses. 

So I don't think asking them where their data comes from is reasonable,
but it is reasonable to know their history, e.g. our lists for smtp came
about like in '02/'03 (URI lists was couple years after that) in house
for an ISP, and we kept it up since, it was only after we both changed
employers few years back, we got its own public domain, so perhaps these
guys will offer up a similar history, who knows.

However, I echo Axb's and Bill's comments, coming in here 2 weeks after
regoing the domain and saying "hey come use us" - is a lot more than a
"bit" sus to me.
 

Re: MailBlacklist.com Integration Testing Phase

Posted by "sebastian@debianfan.de" <se...@debianfan.de>.
Where do you get your blacklist-data?

On 17.08.2015 at 14:38, MailBlacklist.com Management wrote:
> ---- Spam Assassin & MailBlacklist.com Integration Testing Phase 1 ----
>
> We would like to welcome users of the Spam Assassin project to test 
> our high availability DNS-RBL / DNS-RWL within their configurations.
>
> --- Configuration Below ---
>
>
> ifplugin Mail::SpamAssassin::Plugin::DNSEval
> ## MailBlacklist.com Spam sources
> header __RCVD_IN_MAILBLCOM_B    eval:check_rbl('mailblcom-lastexternal', 'service.mailblacklist.com.')
> tflags __RCVD_IN_MAILBLCOM_B    net
>
> ## MailWhitelist.com Ham sources
> header __RCVD_IN_MAILBLCOM_W    eval:check_rbl('mailblcom-firsttrusted', 'service.mailwhitelist.com.')
> tflags __RCVD_IN_MAILBLCOM_W    net
>
> ##### MailBlacklist.com Definitions - Bad senders
> # Definitions - Bad senders
> header __RCVD_IN_MAILBLCOM_S    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.2')
> describe __RCVD_IN_MAILBLCOM_S    Listed at MailBlacklist.com, Generic Blacklist Listing (-2)
> tflags __RCVD_IN_MAILBLCOM_S    net
>
> header RCVD_IN_MAILBLCOM_B5    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.6')
> describe RCVD_IN_MAILBLCOM_B5    Listed at MailBlacklist.com, Very Bad Reputation Sender (-5)
> tflags RCVD_IN_MAILBLCOM_B5    net
>
> header RCVD_IN_MAILBLCOM_B4    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.7')
> describe RCVD_IN_MAILBLCOM_B4    Listed at MailBlacklist.com, Bad Reputation Sender (-4)
> tflags RCVD_IN_MAILBLCOM_B4    net
>
> header RCVD_IN_MAILBLCOM_B3    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.8')
> describe RCVD_IN_MAILBLCOM_B3    Listed at MailBlacklist.com, Low Reputation Sender (-3)
> tflags RCVD_IN_MAILBLCOM_B3    net
>
> header RCVD_IN_MAILBLCOM_B2    eval:check_rbl_sub('mailblcom-lastexternal', '127.0.0.9')
> describe RCVD_IN_MAILBLCOM_B2    Listed at MailBlacklist.com, Suspicious Sender (-2)
> tflags RCVD_IN_MAILBLCOM_B2    net
>
> # MailWhitelist.com Definitions - Good senders
> header RCVD_IN_MAILBLCOM_W5    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.3$')
> describe RCVD_IN_MAILBLCOM_W5    Listed at MailWhitelist.com, High Confidence Sender (+5)
> tflags RCVD_IN_MAILBLCOM_W5    nice net
>
> header RCVD_IN_MAILBLCOM_W4    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.2$')
> describe RCVD_IN_MAILBLCOM_W4    Listed at MailWhitelist.com, Medium Confidence Sender (+4)
> tflags RCVD_IN_MAILBLCOM_W4    nice net
>
> header RCVD_IN_MAILBLCOM_W3    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.1$')
> describe RCVD_IN_MAILBLCOM_W3    Listed at MailWhitelist.com, Low Confidence Sender (+3)
> tflags RCVD_IN_MAILBLCOM_W3    nice net
>
> header RCVD_IN_MAILBLCOM_W2    eval:check_rbl_sub('mailblcom-firsttrusted', '^127\.0\.\d+\.0$')
> describe RCVD_IN_MAILBLCOM_W2    Listed at MailWhitelist.com, No Confidence Sender (+2)
> tflags RCVD_IN_MAILBLCOM_W2    nice net
>
> meta __RCVD_IN_MAILBLCOM_BL    RCVD_IN_MAILBLCOM_B5 || RCVD_IN_MAILBLCOM_B4 || RCVD_IN_MAILBLCOM_B3
> tflags __RCVD_IN_MAILBLCOM_BL    net
>
> meta RCVD_IN_MAILBLCOM_SBI        __RCVD_IN_MAILBLCOM_S && !__RCVD_IN_MAILBLCOM_BL
> tflags RCVD_IN_MAILBLCOM_SBI    net
>
> # MailBlacklist.com Bad
> meta RCVD_IN_MAILBLCOM_BL        RCVD_IN_MAILBLCOM_B5 || RCVD_IN_MAILBLCOM_B4 || RCVD_IN_MAILBLCOM_B3 || __RCVD_IN_MAILBLCOM_S
> describe RCVD_IN_MAILBLCOM_BL    MailBlacklist.com Bad Senders
> tflags RCVD_IN_MAILBLCOM_BL    net
>
> # MailWhitelist.com Good
> meta RCVD_IN_MAILBLCOM_WL        RCVD_IN_MAILBLCOM_W5 || RCVD_IN_MAILBLCOM_W4 || RCVD_IN_MAILBLCOM_W3
> describe RCVD_IN_MAILBLCOM_WL    MailWhitelist.com Good Senders
> tflags RCVD_IN_MAILBLCOM_WL    nice net
>
>   endif