On Fri, Oct 20, 2006 at 08:24:47AM -0500, J.A. Terranson wrote:
> Ahhh, but I have a *lot* more flexibility here than SPEWS does. I can set filters by individuals, and I have little need for the vast majority of IP space - therefore I filter very hyperaggressively for this domain.
The nice thing is that you never see those false positives. But for this list, you'd never have seen my message.
> Prior to this "overreaction", I was receiving approximately 25K spam
Wow, wonder how you managed to attract that. I only get several hundreds a day (malware is already filtered at MTA level), which spamassassin catches quantitatively. I'm thinking about starting blocking .gif/.jpeg/.png by MTA, which would catch the rest of them. If I ever got fancy I could use greylisting and firewall throttling of Windows hosts, or similar shenanigans. But, blocking by RBL, never.
> emails per day (on an *average* day - there have been *much* worse!). Now, I see less than several hundred: a fair trade for the rare false positive (about 75% of which come from this list, and of which I see less than a dozen per year).
> I have literally dozens of /8s on block: All of APNIC, AFRINIC, South America, Israel, Russia and neighboring real estate... You get the idea.
I get the idea. You could just block the entire IP address space, which would cut your spam rate down to zero. Ever tried that?
> The policy here is that if an abusive email gets through: (1) If generated by a hosting company, the entire allocation to that hosting company is blocked; (2) If from dynamic space, it was missed the first time, so added now; (3) If from a microallocation (/25-/32) I block the micro, and if from a company with significant space, but what appears to be just a compromised host, the /24 in which that host lives.
> It works.
I would call it the "nuclear glass approach" to spam. If this works for you, great, but I don't know too many people who'd subscribe to your approach (to which RBL hardcore nazis look like teletubbies).

-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
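
The escalation policy quoted in the message above, written out as an added example (not code from either poster) that also totals how much address space a handful of reports ends up blocking. The function names, the `kind` labels and the sample reports are assumptions; the thread does not say how allocations or source types are determined.

```python
import ipaddress

# Constructed reports: (sender IP, allocation containing it, source kind).
# Allocation and kind are assumed to come from a whois lookup and manual
# judgement done elsewhere; the addresses are private/documentation space.
REPORTS = [
    ("10.20.5.9",   "10.20.0.0/16",   "hosting"),
    ("10.20.200.1", "10.20.128.0/17", "dynamic"),
    ("192.0.2.130", "192.0.2.128/27", "corporate"),
    ("10.70.3.44",  "10.64.0.0/12",   "corporate"),
]

def block_range(ip, allocation, kind):
    """Return the IPv4 network the quoted policy would block for one report."""
    addr = ipaddress.IPv4Address(ip)
    alloc = ipaddress.IPv4Network(allocation)
    if addr not in alloc:
        raise ValueError(f"{ip} is not inside {allocation}")
    # (3) micro-allocation (/25 to /32): block exactly the micro
    if alloc.prefixlen >= 25:
        return alloc
    # (1) hosting company and (2) dynamic space: the whole range goes
    if kind in ("hosting", "dynamic"):
        return alloc
    # (3) larger company, apparently one compromised host: its /24 only
    if kind == "corporate":
        return ipaddress.IPv4Network(f"{ip}/24", strict=False)
    raise ValueError(f"unknown source kind: {kind}")

def apply_policy(reports):
    """Merge overlapping blocks and count the addresses they cover."""
    blocks = [block_range(*r) for r in reports]
    merged = list(ipaddress.collapse_addresses(blocks))
    return merged, sum(n.num_addresses for n in merged)

if __name__ == "__main__":
    merged, total = apply_policy(REPORTS)
    for net in merged:
        print(net)
    print(f"{len(REPORTS)} abusive messages -> {total} addresses blocked")
```
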