Posted to users@spamassassin.apache.org by Marc Perkel <ma...@perkel.com> on 2007/06/22 00:56:03 UTC

Yellow Listing and other new concepts

OK - yes it's a term I invented. Yellow listing is a DNS list of hosts 
that are mailservers for big ISPs and other sources of mixed ham and 
spam. yahoo, gmail, hotmail, comcast, aol are examples of hosts that 
would be yellow listed.

Why yellow list? The idea of a yellow list is to prevent certain hosts 
from being either white listed or blacklisted. For example, I live in 
the US as do most of my customers. So email coming from yahoo.fr is 
almost 100% spam. Left to automatic processes it wouldn't take long 
before yahoo.fr servers got blacklisted.

Conversely, AOL has been doing a reasonably good job of stopping 
outgoing spam. So good in fact that automatic processes started listing 
AOL servers on the whitelist. Thus when a spammer made it through AOL 
they also bypassed SA on my servers because they were white listed.

I am now creating a yellow list of what I have detected as 
mixed source hosts, some spam and some ham. I have now added logic where 
I look up the host name and if the host name matches a big ISP then I 
yellow list it immediately. Once it is yellow listed then I bypass all 
white/black list tests that might otherwise accept or reject the message 
without SA testing.

I think it would be useful to start using this idea more widely to 
improve the quality of DNS listing. So roll the idea around and see if 
we can build on it.

Here's some info on how to use my lists.

http://wiki.ctyme.com/index.php/Spam_DNS_Lists

Feel free to experiment.
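
The yellow-list precedence described in the message above, as an added Python example that is not part of the original post or the author's own code. The zone names, the ISP suffix list and the `listed` lookup callback are assumptions, and the sample listings are constructed.

```python
import ipaddress

# Hypothetical DNSxL zones and ISP suffixes (assumptions, not the author's real lists).
YELLOW_ZONE = "yellow.dnsxl.example"
WHITE_ZONE = "white.dnsxl.example"
BLACK_ZONE = "black.dnsxl.example"
BIG_ISP_SUFFIXES = ("yahoo.com", "yahoo.fr", "gmail.com", "hotmail.com",
                    "comcast.net", "aol.com")


def dnsxl_name(ip, zone):
    """Build a DNSxL query name: reversed IPv4 octets prepended to the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_big_isp(hostname):
    """Match on a label boundary so 'notaol.com' does not match 'aol.com'."""
    host = hostname.rstrip(".").lower()
    return any(host == s or host.endswith("." + s) for s in BIG_ISP_SUFFIXES)


def classify(ip, rdns_hostname, listed):
    """Return (action, reason). listed(name) -> bool stands in for a DNS A lookup.

    rdns_hostname is assumed to be forward-confirmed by the caller.
    Yellow is checked first, so it suppresses both accept and reject shortcuts.
    """
    if rdns_hostname and is_big_isp(rdns_hostname):
        return ("content_filter", "yellow: host name matches a big ISP")
    if listed(dnsxl_name(ip, YELLOW_ZONE)):
        return ("content_filter", "yellow: listed as mixed source")
    if listed(dnsxl_name(ip, WHITE_ZONE)):
        return ("accept", "white listed")
    if listed(dnsxl_name(ip, BLACK_ZONE)):
        return ("reject", "black listed")
    return ("content_filter", "not listed")


# Constructed sample listings (documentation address ranges).
SAMPLE_LISTED = {
    dnsxl_name("192.0.2.10", WHITE_ZONE),    # big-ISP relay that drifted onto the white list
    dnsxl_name("198.51.100.7", WHITE_ZONE),  # small sender, white listed
    dnsxl_name("203.0.113.5", BLACK_ZONE),   # black listed only
    dnsxl_name("203.0.113.9", BLACK_ZONE),   # black listed, but also yellow
    dnsxl_name("203.0.113.9", YELLOW_ZONE),
}


def sample_listed(name):
    return name in SAMPLE_LISTED
```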


Re: Yellow Listing and other new concepts

Posted by Marc Perkel <ma...@perkel.com>.

Matthias Leisi wrote:
>> I think it would be useful to start using this idea more widely to
>> improve the quality of DNS listing. So roll the idea around and see if
>> we can build on it.
>>     
>
> It's somewhat similar to the "trust levels" we use in dnswl.org (where,
> incidentally, we partly import data from different sources that also use
> some kind of "scoring", e.g. from junkemailfilter.com).
>
> I believe this kind of aggregated scoring will prove pretty effective;
> whether the scoring is better done at each individual site (using
> SpamAssassin, for example ;) ) or centrally (at some DNSxL provider)
> remains to be seen.
>
> Personally, I would lean towards decentral solutions, but time will tell.
>
> -- Matthias

The problem with it not being centralized is that my lists are limited to 
the email I get. If they aren't spamming or sending email to one of my 
1600 domains then I don't know about it. What I'm doing is also very 
experimental. Generally when others pick up on my ideas they do a much 
better job of coding it. (URIBL for example)



Re: Yellow Listing and other new concepts

Posted by Matthias Leisi <ma...@leisi.net>.
> I think it would be useful to start using this idea more widely to
> improve the quality of DNS listing. So roll the idea around and see if
> we can build on it.

It's somewhat similar to the "trust levels" we use in dnswl.org (where,
incidentally, we partly import data from different sources that also use
some kind of "scoring", e.g. from junkemailfilter.com).

I believe this kind of aggregated scoring will prove pretty effective;
whether the scoring is better done at each individual site (using
SpamAssassin, for example ;) ) or centrally (at some DNSxL provider)
remains to be seen.

Personally, I would lean towards decentral solutions, but time will tell.

-- Matthias