Mailing List SIMS@mail.stalker.com Message #12818
From: Bill Cole <listbill@scconsult.com>
Subject: Re: What are the Best RBL's to use?
Date: Fri, 18 Apr 2003 14:19:44 -0400
To: SIMS Discussions <SIMS@mail.stalker.com>
At 9:52 AM -0700 4/18/03, Sean Lackey  imposed structure on a stream of electrons, yielding:
Howdy,

I just found and joined this list and was wondering what other's are
using in their RBL lists.  I was using spamcop exclusively until a
couple days ago, but suddenly there was a new influx of spam it wasn't
catching. (usually sent through hotmail, yahoo, aol, etc.)So I added a
bunch more.  they have definitely had an effect, but one had to be
removed "blackholes.five-ten-sg.com"  because it blocked yahoo mail.  So
the following are now loaded:

bl.spamcop.net "See http://spamcop.net/bl.shtml"

Huge false positive problems. Their basic flaw is that their input data is totally unvetted and has a lot of incredibly clueless people submitting mail, some of which is NOT SPAM. Read that page yourself, and note that Spamcop itself does not recommend the use of that list for serious mail systems.

blackhole.compu.net "See http://blackhole.compu.net"

No comment. I am not familiar with them at all.

relays.ordb.org "See http://relays.ordb.org"

Uses some very ethically questionable means for building the list.

sbl.spamhaus.org

The cream of the crop. A most excellednt list run by a serious man of high integrity and concern for saving the mail system, not just blowing it up so that the spammers can't knock it to pieces.

relays.visi.com

dead. Pointless to query.

cn-kr.blackholes.us
singapore.blackholes.us
china.blackholes.us
korea.blackholes.us

My understanding is that these last 2 are duplicative of the first one.

malaysia.blackholes.us
nigeria.blackholes.us
wanadoo-fr.blackholes.us
verio.blackholes.us

Note that if you really want to do these things, those last 2 are fine. Be sure that you are aware of what this means. You will not get any mail from the customers of the largest provider in France or one of the largest business-oriented providers in the US.

dsn.rfc-ignorant.org

That list is not about spam control, it is about Derek Balling's view of how people should run their mail servers. I tend to agree with those views usually, but you will reject mail based on this particular list because the operator of the listed site has chosen to reject mail with null senders, probably as a (misguided and silly) spam-control measure. In essence, this list will have youn rejecting mail from servers run by idiots, even though they are not in any way associated with spamming.

list.dsbl.org

Ethically disgusting and fundamentally flawed, a list which demonstrates the GIGO principle and whose designers and operators live in a fantasy world where the good guys are safe from tampering by the bad guys who they try to list.

spamhaus.relays.osirusoft.com

A duplication of sbl.spamhaus.org, with time delay and an idiosyncratic view of how to run DNS.

Any opinions?

Here are some of the ones I use:

dialups.relays.osirusoft.com

Nearly all dialup and dynamically assigned addresses should not be sending directly to your server. You will have to do exemptions for your own dialups (if any) or get get users to authenticate well if they are on dialups, but otherwise this is really pretty good.


korea.services.net

This catches some holes in the blackholes.us similar list

opm.blitzed.org
socks.relays.osirusoft.com

These are overlapping complimentary lists of open proxies. Open proxies are gutter-spammers' favorite path these days, so these will help a lot.

blackholes.wirehub.net

A contender with the SBL for the title of best sanely-run list of spam sources. Okay, maybe not a contender, but a definite lock for 2nd place.


Any dead ones?  spamhaus and spamcop still seem to catch
the lions share.  I loaded some of the country ones, from blackholes.us
but there aren't any for europe. I really would like to block the entire
damn continent.   My server doesn't need email from anywhere other than
North America, anyone know of an RBL to block whole continents?  In
particular, one of my co-workers has been targeted for porn spam, and
the RBL's never catch it, this poor woman is a saint and quite annoyed
by it all and keeps forwarding it all to me and I block the IP of each
email she gets but that's like firing bullets into the ocean.  If I
could block Europe, that would be a start.

Well, the new and improved scconsult.com local blacklist is still available, now at http://www.scconsult.com/blacklist.shtml and it has a lot of European and Asian blocks in it. I would not suggest trying to load the whole thing into SIMS as it has grown too big for that (it is still formatted that way, for historical reasons...) You may find a lot of blocks in there to use, as I comment on almost all of them.


--
Bill Cole
bill@scconsult.com

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster