DNSBL question.

[DjM]

I am seeking your help and advise. We are currently upgrading our virus gateway and within the product there is some added functionality to help us manage spam. Now, this new functionality involves using DNSBL's (Black lists), I have never been a real fan of black lists as they tend to be somewhat aggressive in their blocking techniques, leading to false positives.

My question, for those of you that are currently using one or more black lists, how would you rate the list your using? Do you get false positives, if so how many? Does using a black list appear to slow down your mail processing?

Your comments & advise is appreciated.

Cheers:

[Tiger Shark]

DNSBL blocked spam comprises only a very small percentage of the whole when blocking spam in my network. The Bayesian filter and keyword blocking get the most.

Try www.gfi.com and see if the mailessentials program they have fits your budget. I use it and it works well but you need to watch the blocked stuff early and whitelist the stuff you want to keep, (warn your users to look out for mail they usually get that stops and to inform you if it stops), because otherwise you get a huge backlog of false positives and it is hard to dig out from under it

[DjM]

Originally posted here by Tiger Shark
DNSBL blocked spam comprises only a very small percentage of the whole when blocking spam in my network. The Bayesian filter and keyword blocking get the most.

Try www.gfi.com and see if the mailessentials program they have fits your budget. I use it and it works well but you need to watch the blocked stuff early and whitelist the stuff you want to keep, (warn your users to look out for mail they usually get that stops and to inform you if it stops), because otherwise you get a huge backlog of false positives and it is hard to dig out from under it

Thanks for the reply Tiger, I know that DNSBL's are only a part of a spam management program but never having used one, I was looking for other members opinions on what they consider to be reliable ones.

I do have other process in place to help manage spam so I don't think my company will like me asking for more $$$$ at this point (the function I am testing is free with software I already own).

Again, thanks for the input.

Cheers:

[Tiger Shark]

DJM: My point was, (in case you have missed it), was that the DNSBL's are really not a whole load of use. They really capture so little in the way of spam that it barely seems worth the processor time IMO........ Keywords and bayesian seem to be worth the time though.

[DjM]

Originally posted here by Tiger Shark
DJM: My point was, (in case you have missed it), was that the DNSBL's are really not a whole load of use. They really capture so little in the way of spam that it barely seems worth the processor time IMO........ Keywords and bayesian seem to be worth the time though.

No, I got your point Tiger, that's why I want to test this functionality to see exactly how effective it is. That way the next time management comes to me with the old "Why aren't we using DNSBL's to manage spam like my friend at company xyz". I can tell him we tested it and it proved to be quite a waste of effort.

Cheers:

[Tiger Shark]

DJM: OK... sorry, wasn't sure if I had communicated my dislike of them well enough......

[CXGJarrod]

Originally posted here by DjM
My question, for those of you that are currently using one or more black lists, how would you rate the list your using? Do you get false positives, if so how many? Does using a black list appear to slow down your mail processing?

Your comments & advise is appreciated.

Cheers:

I have had problems with http://www.dnsbl.sorbs.net. We have our website hosted at a hosting provider and they have blocked the entire subnet of computers several times. Our hosting provider is big on combating spam and will not let you send out more than a certain amount of emails a month. However, since several email servers email goes out through a couple of front end servers, those servers have been blocked (effectively block our mailserver) for sending out a normal amount of messages. It also costs a $50 "administrative fee" per infringement to get out of their list. Our hosting provider has payed it a couple of times, but found that they get back into the list very quickly.

[pR@nD1+Py]

We had many more headaches with real time black lists that definitely outweighed the good of using them.
There were many false positives and it did delay the delivery of messaging.
I found that most real time black lists time out the majority of the time leaving your mail server checking them at least 3 times for each message, thus causing a delay.
If you have the ability to use a weighted system I would leave out black lists and focus on Phrases, URL black lists, content filtering, reverse dns, mail froms, verify'ng ehlo/domain, and statistical filtering.

[pR@nD1+Py]

Here's a couple cool places to go if u're the network/email admin

http://www.dnsstuff.com

http://www.declude.com/tools/

[omol]

Hi im currently working on a project to produce a program a bit like virus protection in the way that it will update constantly to a email server, the idea is that it has a list of none spam address and will block these from contacting, im currently looking for assistence if any one is intrested and would like to be backed by spamassin or a similur project.

Is this any help?
Would you like a copy of the prog when it is finished?
Any one want to incorparate this with a virus scanning project?