ietf-asrg

[Asrg] Building a better blacklist

2006-04-01 03:42:43
Why are the performance figures for blacklists so low? I saw someone post a figure of 80% blocking, while less than 50% of the spam I get in my unfiltered accounts would have been blocked by SBL+XBL. Why can't the blocking rate be in the high 90's? I realize that it's not possible to hit 100% blocking unless every mailbox were a spamtrap feeding the blacklist. But with a significantly large trap farm it should be possible to detect almost all spam sources within a reasonable time.

The other big issue is why don't more ISPs use blacklists? The main concern I suppose is that they can't afford to lose mail sent to their customers. To address this, a blacklist system could be designed to recover automatically when the spam stops. If the mail is rejected with a 4xx response code, the non-spam mail from legitimate ISPs would be delivered (only slightly delayed) once the spam is cleaned up.

That leads to the question of how to clean up the spam in real time. Since the spam traps have already captured samples of the spam emanating from the blocked ISP, it should be easy enough to construct a profile or signature of the spam that the source ISP could use to quarantine the remaining spam in the queue.

-- Dan Oetting

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
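
The 4xx recovery idea in the message above, as an added simulation that is not part of the original post: a trap-fed list answers 451 while spamtrap hits from a source are recent, delists on its own after a quiet period, and the sender's normal retry queue delivers the delayed mail. The quiet period, retry interval, queue lifetime and the documentation-range IP addresses are assumptions chosen for illustration.

```python
import bisect

QUIET_PERIOD = 3600        # assumption: delist after 1 h with no new trap hits
RETRY_INTERVAL = 900       # assumption: sending MTA retries every 15 min
MAX_QUEUE_AGE = 5 * 86400  # assumption: sender gives up after 5 days


class TrapFedBlacklist:
    """Lists a source IP while spamtrap hits are recent; expires on its own."""

    def __init__(self, quiet_period=QUIET_PERIOD):
        self.quiet_period = quiet_period
        self.hits = {}  # source IP -> sorted list of trap-hit timestamps

    def trap_hit(self, ip, when):
        bisect.insort(self.hits.setdefault(ip, []), when)

    def is_listed(self, ip, now):
        times = self.hits.get(ip, [])
        i = bisect.bisect_right(times, now)  # count of hits at or before `now`
        return i > 0 and now - times[i - 1] < self.quiet_period

    def smtp_reply(self, ip, now):
        # 4xx is a temporary failure: the sender keeps the message queued.
        if self.is_listed(ip, now):
            return 451, "4.7.1 source temporarily listed, try again later"
        return 250, "2.0.0 OK"


def delivery_time(bl, ip, first_attempt):
    """Time at which a queued message is accepted, or None if it expires."""
    now = first_attempt
    while now - first_attempt <= MAX_QUEUE_AGE:
        code, _ = bl.smtp_reply(ip, now)
        if code == 250:
            return now
        now += RETRY_INTERVAL
    return None


# Constructed scenario: traps see spam from 192.0.2.10 from t=0 to t=1800,
# then the source cleans up and the trap hits stop.
bl = TrapFedBlacklist()
for t in range(0, 1801, 300):
    bl.trap_hit("192.0.2.10", t)

if __name__ == "__main__":
    for sent in (600, 4000, 6000):
        print(sent, "->", delivery_time(bl, "192.0.2.10", sent))
```

If the trap hits never stop, the listing never expires and the queued message ages out at the sender, so the delay is bounded only when the source actually cleans up.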
