Re: PLUG: PMAS



Bill Gunshannon wrote:
In article <46755c79$1@xxxxxxxxxxxxxxxxxxx>,

But that just increases the likelihood of a false positive. I have
people who contact me who get bounces every once in a while. When
asked, I usually look at the logs to see why. You would be amazed
(well, maybe not) at the number of places, like comcast, that have
multiple MTA machines, which seem to get selected at random when a
user sends an email, where one or two of them are RBLed. Result:
most messages go thru but every once in a while one gets rejected.
And I can assure you even when the return message says it was rejected
because of an RBL the user doesn't understand. All he knows is he
couldn't send email to that address. At that point, most users just
give up.

I am curious what filtering you are using that is having such a high false positive rate. The state of the art that can be obtained with DNSbls is > 80% without a DHCP list, and well into the 90% in spam detection. The false positive rate without a DHCP list is too low to measure, and below the rate at which e-mail gets lost from human/network/server issues. With a DHCP list, the risk of rejecting a good e-mail increases to about .001 percent. Again, more good mail probably gets lost for other reasons beyond the mail server operator's or network administrator's control.

So what DNSbls are you using that generate these higher rates of false positives?

The only time that I saw two of my former ISP's mailservers get put in a DNSbl, sample spams obtained from news.admin.net-abuse.email and spamcop.net (back when anyone could look that up), showed that one server was operating as an open relay, and the other at the same time appeared to be either an open proxy or completely owned by the spammer.
The MAPS OPS list will also show sample spams if you are trying to find out the spam history of an I.P. address.

And apparently two other very large ISPs also immediately put them in a local blocking list, based on postings on an internal news group. It took longer to get those blocks removed than from the DNSbls once the problem was fixed. These private blocks were noticed by the users more than the DNSbl listing was.

(RBL and DUL are trademarks of MAPS and they have taken legal action against blocking list operators and/or software vendors that use those terms as generic)


But which is easier and more likely to succeed? Trying to guess a
"keyword" that appears in all this SPAM or searching for keywords
that are relevant to your business?

No, that is a waste of CPU cycles. However, almost all spam has a URL in it that will resolve to an I.P. address that has long been listed as totally controlled by the spammer.

It is now almost impossible for a spammer to keep a website up long enough for a spam run on a dedicated hosting company unless that company is actively supporting spammers only. To get around that, spammers are trying to host web sites on systems infected with malware.

AOL reacted to that first by rejecting all e-mails with only numbered IP address URLs in them, which forced the spammers to start buying domain names. The domain names can be changed, but they still usually resolve to a known controlled I.P.

In article <f53kiv$fr2$1@xxxxxxxxxxxxxxxxx>,
david20@xxxxxxxxxxxxxxxx writes:


However if things are setup correctly the sender should get back a message saying that they have been blocked because they are on that particular RBL.


And do you really think my father would have understood that message? :-) I work in the Computer Science Department of a University and I doubt that
half the faculty or one tenth of our students would.

When it is done properly though, the mail message about the non-delivery is done by the server local to the sender. So if that message is not understandable, the reason for that usually lies with the ISP running the mail server. And that is the same ISP that the user needs to contact to get the problem resolved.

And most of the mail servers that I have seen allow local customization of the bounce message they send to their internal network users.
Very obvious when the local system messes up the edits.

Unfortunately it is worse than Bill describes about the quality of the message.

Many ISPs will suggest that the sender try rebooting their computer to resolve an issue, and most users are not aware of how competent their ISP is in these areas.

I have seen Gmail file bounce messages from mail sent from it in the spam folder, where POP users will never see them. Now that is a prime example of broken software. Since a Gmail server generated the bounce from a reject it received from an authenticated user sending through it, it should never have a false positive.

Other ISPs silently delete all bounce messages, and some mail servers do not pass through the reject code and text.

-John
wb8tyw@xxxxxxxxxxx
Personal Opinion Only
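
The URL check described in the post above (resolve each URL in the message body and look the resulting address up in a DNSbl), as an added example that is not part of the original post or from its author. The zone `dnsbl.example`, the host names and the sample message are constructed, and the resolver and lookup are injected as functions so the block runs offline; in production `listed` would be a DNS A-record query where an answer means "listed" and NXDOMAIN means "not listed".

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def dnsbl_query_name(ip, zone):
    """Build the DNSbl query name: reversed IPv4 octets followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def url_hosts(body):
    """Return the distinct host parts of http(s) URLs found in a message body."""
    hosts = []
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def is_ip_literal(host):
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False

def check_body(body, zone, resolve, listed):
    """Return (host, ip, query_name) for every URL host with a listed address.

    resolve(host) -> list of IPv4 strings; listed(query_name) -> bool.
    Numbered-IP URLs are checked directly, domain names via resolve().
    """
    findings = []
    for host in url_hosts(body):
        ips = [host] if is_ip_literal(host) else resolve(host)
        for ip in ips:
            qname = dnsbl_query_name(ip, zone)
            if listed(qname):
                findings.append((host, ip, qname))
    return findings

# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE_BODY = ("Buy now at http://pills.example/offer or http://192.0.2.55/x\n"
               "Unsubscribe: https://news.example/u?id=1")
SAMPLE_DNS = {"pills.example": ["192.0.2.55"], "news.example": ["198.51.100.7"]}
SAMPLE_ZONE = {"55.2.0.192.dnsbl.example"}

def demo():
    return check_body(SAMPLE_BODY, "dnsbl.example",
                      lambda h: SAMPLE_DNS.get(h, []),
                      lambda q: q in SAMPLE_ZONE)
```

The changed domain name and the bare numbered URL both map to the same listed address, which is why rotating domain names alone does not evade this check.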