Why are the performance figures for blacklists so low? I saw someone
post a figure of 80% blocking, while less than 50% of the spam I get
in my unfiltered accounts would have been blocked by SBL+XBL. Why
can't the blocking rate be in the high 90's? I realize that it's not
possible to hit 100% blocking unless every mailbox were a spamtrap
feeding the blacklist. But with a significantly large trap farm it
should be possible to detect almost all spam sources within a
reasonable time.

The other big issue is why don't more ISPs use blacklists? The main
concern I suppose is that they can't afford to lose mail sent to
their customers. To address this, a blacklist system could be
designed to recover automatically when the spam stops. If the mail is
rejected with a 4xx response code the non-spam mail from legitimate
ISPs would be delivered (only slightly delayed) once the spam is
cleaned up.

That leads to the question of how to clean up the spam in real time.
Since the spam traps have already captured samples of the spam
emanating from the blocked ISP, it should be easy enough to construct
a profile or signature of the spam that the source ISP could use to
quarantine the remaining spam in the queue.
-- Dan Oetting
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
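
The 4xx deferral proposed in the message above, as an added example that is not part of the original post: a small simulation of a receiver that temp-fails listed sources and of the sending MTA's retry queue. It goes one step beyond the message by also showing the case where the spam never stops. The delisting rule (a quiet period after the last trap hit), the retry interval, the queue lifetime and the relay address are assumptions.

```python
# Added illustration: every name, address and timing here is constructed.
from dataclasses import dataclass, field

@dataclass
class Blacklist:
    """Trap-fed list: an IP stays listed for `quiet` seconds after each trap hit."""
    quiet: int
    hits: dict = field(default_factory=dict)

    def trap_hit(self, ip, when):
        self.hits.setdefault(ip, []).append(when)

    def listed(self, ip, now):
        return any(0 <= now - t < self.quiet for t in self.hits.get(ip, ()))

def smtp_reply(bl, ip, now):
    """Receiver policy: defer listed sources with 4xx instead of rejecting."""
    if bl.listed(ip, now):
        return 451, "4.7.1 sending host is listed, try again later"
    return 250, "2.0.0 message accepted"

def deliver(bl, ip, sent_at, retry_every, queue_lifetime):
    """Sending MTA's retry loop; returns (outcome, seconds spent queued)."""
    now = sent_at
    while now - sent_at <= queue_lifetime:
        code, _ = smtp_reply(bl, ip, now)
        if code == 250:
            return "delivered", now - sent_at
        now += retry_every          # 4xx: keep the message queued and retry
    return "bounced", queue_lifetime  # sender gives up and returns the mail

RELAY = "192.0.2.25"                # documentation address (RFC 5737)
RETRY, LIFETIME = 1800, 5 * 86400   # assumed sender settings: 30 min, 5 days

def cleaned_up_case():
    bl = Blacklist(quiet=3600)
    bl.trap_hit(RELAY, 0)           # last spam seen at t=0, then it stops
    return deliver(bl, RELAY, 600, RETRY, LIFETIME)

def never_cleaned_case():
    bl = Blacklist(quiet=3600)
    for t in range(0, 6 * 86400, 1800):   # traps keep catching spam for 6 days
        bl.trap_hit(RELAY, t)
    return deliver(bl, RELAY, 600, RETRY, LIFETIME)

if __name__ == "__main__":
    print(cleaned_up_case(), never_cleaned_case())
```

With these assumed timings, legitimate mail queued behind a listing is delivered on the first retry after the listing lapses, while a source that keeps hitting the traps for longer than the sender's queue lifetime still ends in a bounce.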