[Fwd: Re: getting bogofilter feedback to the mail server.]
Tom Anderson
tanderso at oac-design.com
Thu Sep 21 18:08:53 CEST 2006
Tom Allison wrote:
> I would use the token: dsl231-057-097.sea1.dsl.speakeasy.net...
> If that token has a spamicity of >= 0.9999 then I would add your DSL
> address to the black list. Then I really don't care what alias you
> use...
>
> Sane?
What if a spammer has that address one day and your best friend gets it
the next? Cable/DSL addresses are dynamic. Or what if both a spammer
and a friend are on the same mail server. Say, gmail for instance?
I would just use the already existing DNSBLs (like I already do) to
block addresses "at the door", so to speak. Let them handle the adding
and removing of addresses. Moreover, they will allow you to block spam
from spammers you've never met before. This is important because
spammers can move around a lot. By the time an address scores 0.999 or
whatever, you may never see it again, but you'll instead get the same
spams from a different address. But if several other people (or
honeypots) got a spam and it gets added to a DNSBL, you can reject it
the first time it arrives.
Here are the ones I use:
http.dnsbl.sorbs.net
socks.dnsbl.sorbs.net
smtp.dnsbl.sorbs.net
web.dnsbl.sorbs.net
relays.visi.com
sbl-xbl.spamhaus.org
list.dsbl.org
dsn.rfc-ignorant.org
postmaster.rfc-ignorant.org
bogusmx.rfc-ignorant.org
whois.rfc-ignorant.org
Some are more relevant than others, but they all contribute to the
severe reduction of spam coming through to my users. I block between
50-60% of mail in this way and I've never received a report of
legitimate contacts getting bounced.
Tom
More information about the Bogofilter
mailing list