ietf-asrg

Re: [Asrg] Quarantines and block lists

2007-01-29 08:23:47

Peter J. Holzer wrote:
> On 2007-01-27 19:43:23 -0600, gep2(_at_)terabites(_dot_)com wrote:
>> To begin with, crude IP blocks will ALWAYS lose legitimate
>> mail, because a single IP address can send both legitimate
>> and zombie-generated mail.
>
> We've been using the spamhaus dnsbls for several years and I can't
> remember a single false positive. IP addresses which send legitimate
> mails are simply not listed there (or if they are, there are so few of
> them that it's undetectable).
>
> It is true that they aren't sufficient, but they reduce spam by quite a
> bit (they're by far the most frequent reason for a permanent error) with
> practically zero false positives.
>
> I don't know why you insist that they would have to list a single IP
> address which sends both legitimate and zombie-generated mail. Just look
> at spamhaus and you can see that this is false.

He seems to be rather inconsistent in his position:

1) IP blocking _may_ (if you're not careful on what IPs you block) list
mixed sources.  Yeah, but, the content filtering methodologies he
proposes have false positives _too_. Not to mention that the content
filtering he's proposing has higher FPs than most DNSBLs.

2) If you use IP blocking, somehow you're magically restricted to ONLY
using that one technique (and hence will miss spam from mixed sources).
Yet, he uses multiple techniques so that he can catch the things that
one technique misses with another technique.  Why is he insisting that
IP blocking can only be used on its own, when he's using multiple
techniques himself?

Say, yahoogroups.  Why does he feel that someone using DNSBLs is
restricted to using DNSBLs to block spam from yahoogroups?  Nothing can
be further from the truth.

DNSBLs are just one of many spam filtering techniques.  There's nothing
special about them that prevents you from using them in combination with
others.  Especially if you use them in a scoring methodology like
SpamAssassin.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
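
The combination argued for in the reply above, as an added example that is not part of the original message: a DNSBL lookup treated as one weighted test next to content tests, so mail from an unlisted, shared address can still be caught on content. The zone `dnsbl.example`, the rule names, the weights and the threshold are assumptions for illustration and are not SpamAssassin's own.

```python
import ipaddress
import socket

DNSBL_ZONE = "dnsbl.example"  # placeholder zone (assumption), not a real list
THRESHOLD = 5.0               # assumed spam cut-off
# Hypothetical rule names and weights, chosen for this illustration only.
WEIGHTS = {"IP_IN_DNSBL": 3.5, "SUBJ_ALL_CAPS": 1.5,
           "BODY_CLICK_HERE": 2.0, "BODY_MANY_LINKS": 2.0}

def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """IPv4 DNSBL convention: reversed octets followed by the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def dns_lookup(name):
    """Live resolver: any A record means listed; lookup errors count as not listed."""
    try:
        socket.gethostbyname(name)
        return True
    except OSError:
        return False

def score(client_ip, subject, body, listed=dns_lookup):
    """Run every test and return (total score, names of the tests that fired)."""
    text = body.lower()
    fired = []
    if listed(dnsbl_query_name(client_ip)):
        fired.append("IP_IN_DNSBL")
    if subject.isupper():
        fired.append("SUBJ_ALL_CAPS")
    if "click here" in text:
        fired.append("BODY_CLICK_HERE")
    if text.count("http://") >= 3:
        fired.append("BODY_MANY_LINKS")
    return sum(WEIGHTS[name] for name in fired), fired

def is_spam(client_ip, subject, body, listed=dns_lookup):
    return score(client_ip, subject, body, listed)[0] >= THRESHOLD

# Constructed sample data: one listed address, stubbed so the example runs offline.
SAMPLE_LISTED = {dnsbl_query_name("192.0.2.10")}
stub = SAMPLE_LISTED.__contains__
SPAM_BODY = "Click here http://a.example http://b.example http://c.example"

if __name__ == "__main__":
    for ip, subj, body in [("192.0.2.10", "hello", SPAM_BODY),      # listed sender
                           ("198.51.100.7", "BUY NOW", SPAM_BODY),  # unlisted sender
                           ("198.51.100.7", "Minutes", "See attached."),
                           ("192.0.2.10", "Minutes", "See attached.")]:
        print(ip, subj, score(ip, subj, body, stub), is_spam(ip, subj, body, stub))
```

With these assumed weights a listing alone (3.5) stays under the threshold, and the unlisted sender is still flagged on content (5.5).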