On Tue, Sep 09, 2003 at 10:04:46AM -0400, Chris Lewis wrote:
Steven F Siirila wrote:
I won't break down on a per-DNSbl basis, but here's some data for the past
week:
Insecure server    342,122  (79,449 unique -- blocked ONLY for this reason)
Known spam src     351,648  (288,234 unique)
rDNS blocks        591,570  (378,792 unique)
Dynamic IP addr  1,095,792  (950,424 unique)
Total blocked    2,048,523
Strange. Is there some sequencing at play? Which are done first?
We query all DNSbls all the time. We tell the remote user (via URLs),
all reasons for the block, not just the first one we run across.
Here's moderately comparable breakdowns from our spamtrap (percentage of
full spamtrap load):
CLASS DUL           345446   3.04
CLASS MANUAL        154099   1.36
CLASS MISC         4106790  36.12
CLASS PROXY        8804470  77.43
CLASS RELAY          24925   0.22
CLASS SPAMSOURCE    163314   1.44
[These overlap, but there are no sequencing dependencies]
I would assume your "Insecure server" is analogous to a combination of
our PROXY and RELAY classes. One DNSBL, CBL, _alone_ manages to catch
74% of the 77% that PROXY gets.
Correct. Open Proxy, Open Relay, Insecure Formmail.cgi, etc..
What BL are you using for Dynamic? That 3% is PDL+SORBSdul.
We use several; most notably MAPS DUL and SORBS.
MISC is a combination of several things, including a "No rDNS +
complaints" and a "spamcop or ORDB block + complaints" BL.
Open relay isn't worth bothering with anymore, tho, none of the ones
I'm using are particularly good (SORBSsmtp + a local one - can't use
ORDB...).
Agreed.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg