ietf-asrg

Re: [Asrg] Re: Asrg Digest, DNSBL BCP v.2.0

2007-03-03 11:04:36

Stephanie Erin Daugherty wrote:

> My experience has been different, but then I'm not administering mail
> for a corporation or major provider either, so my experiences may not
> match yours. My own, admittedly non-scientific, findings have been that
> the more sophisticated spammers use compromised hosts almost immediately
> after they are compromised, or make multiple brute force attempts via
> various compromised hosts until they find one that's allowed to connect.

Your sample size is too small, and not particularly representative of
what the rest of the world sees.

Yes, some spammers attempt to use compromised hosts as quickly as
possible.  But the XBL is pretty quick, not all spammers are that good
at that (many compromised machines are compromised multiple ways, and as
quick as you are at utilizing _your_ compromise of it, a previous one
may have got it listed previously), and it don't mean squat with the PBL
whose listings are static, and not reliant on detecting compromised
machines.

We successfully block approximately 97% of all the spam sent our way
(right now averaging about 1M spams/day).  Zen (PBL, XBL and SBL)
together are catching about 80%-90% of that, with SA (including
SURBL/URIBL) doing most of the rest.  With an FP rate on the order of
1-2 emails/day from the DNSBLs.  SA's FP rate is _far_ higher than that.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg