DNS White Lists |
yapadu
Senior Member Joined: 12 May 2005 Status: Offline Points: 297 |
Posted: 05 February 2011 at 2:32am |
Has anyone ever used a whitelist?
I found dnswl.org today, and I know goodmail used to have one (just shut down?). Does spamfilter support these types of lists? I know it can do it for blacklisting, but what about whitelisting?
|
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk. |
|
yapadu
Senior Member Joined: 12 May 2005 Status: Offline Points: 297 |
Ok, I really thought there would be great value in these whitelists so I did a bit of testing.
We keep a record of all messages that users release from quarantine (false positives); we keep them for 1 week. So I took a 1 week sample of the IP addresses of these false positives. These messages the users say are NOT spam. I ran the list against dnswl.org to see what the sending server reported.

dnswl has 4 ratings:

Grade 0: no rating
Grade 1: medium chance of spam
Grade 2: low chance of spam
Grade 3: no chance of spam <- Automatically be allowed through?

I found they should have another grade also; I called it grade 9, which is unlisted in their system.

Grade 0: 41.84%
Grade 1: 9.97%
Grade 2: 3.11%
Grade 3: 0.65%
Grade 9: 44.32% <- No match in their system at all

Considering I was running through a list of false positive messages, I really thought there would be a higher trend towards the grade 3 ranking. I was only considering whitelisting a sender if they were rated 100% not a spam sender. With only 0.65% of false positives being considered not a possible spam sender by dnswl.org, it hardly seems worthwhile to even do the tests.

Edited by yapadu - 05 February 2011 at 4:06am
|
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk. |
|
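The grade tally described in the post above, as an added example (not code from the thread or from SpamFilter). It assumes dnswl.org's public query convention (reversed IPv4 octets under `list.dnswl.org`, answers of the form `127.0.category.score`, and `127.0.0.255` for refused queries); the function names, the `REJECTED` label and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket
from collections import Counter

ZONE = "list.dnswl.org"   # assumed public DNSWL zone; not named in the thread
UNLISTED = 9              # the thread's own label for "no match at all"
REJECTED = -1             # hypothetical label: answer is not a usable DNSWL score

def query_name(ip):
    """192.0.2.10 -> 10.2.0.192.list.dnswl.org (reversed IPv4 octets + zone)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + ZONE

def grade(answer):
    """Map an A-record answer (or None for no record) to a grade."""
    if answer is None:
        return UNLISTED
    a, b, _category, score = ipaddress.IPv4Address(answer).packed
    # Fail closed: 127.0.0.255 (query refused) or a non-127.0.x.y answer from a
    # resolver that rewrites NXDOMAIN must never count as a whitelist hit.
    if (a, b) != (127, 0) or score > 3:
        return REJECTED
    return score

def system_lookup(name):
    """Resolve through the system resolver; None when resolution fails."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def tally(ips, lookup=system_lookup):
    """Percentage of addresses per grade, as in the breakdown above."""
    counts = Counter(grade(lookup(query_name(ip))) for ip in ips)
    return {g: round(100 * n / len(ips), 2) for g, n in sorted(counts.items())}

def should_whitelist(ip, lookup=system_lookup):
    """Only grade 3 bypasses filtering, the policy considered in the post."""
    return grade(lookup(query_name(ip))) == 3

# Constructed sample zone and addresses (documentation ranges), not DNSWL data.
SAMPLE_ZONE = {
    "10.2.0.192.list.dnswl.org": "127.0.5.0",
    "11.2.0.192.list.dnswl.org": "127.0.5.3",
    "7.100.51.198.list.dnswl.org": "127.0.0.255",
}
SAMPLE_IPS = ["192.0.2.10", "192.0.2.11", "198.51.100.7", "203.0.113.9"]

if __name__ == "__main__":
    print(tally(SAMPLE_IPS, SAMPLE_ZONE.get))
```

Passing a dictionary's `get` as `lookup` keeps the run offline; with the default `system_lookup` the same functions query the live zone through the local resolver.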
LogSat
Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
yapadu,
Thanks for posting these results. We've never advertised this (and with hindsight we should have), but we do use dnswl.org already, specifically with our SFDB database. IPs are being blacklisted, in realtime, in our SFDB database, but this is done also by considering their whitelist score with the dnswl.org database, for which we keep a local copy on our servers updated nightly. This has been done since the implementation of the SFDB filter years ago, and it has helped to make the SFDB filter extremely accurate, as years of blocking have shown.

As an example, at any time we block somewhere between 200,000 and 400,000 IPs with the SFDB filter. Yet we only receive on average one or two complaints a month from admins of networks who had IPs blocked. In more than half of the cases, by the time the admins write us their IPs had already been delisted since the spam originating from them had stopped or slowed down. In the other half they were actively spamming, and in this case we provide them with reports on the offender IPs so they can locate the source and stop it. These are all things that happen in the background here but we never mentioned them... :-)
|
|
yapadu
Senior Member Joined: 12 May 2005 Status: Offline Points: 297 |
I did further testing after posting that message. I took the 1000 latest messages in quarantine and ran the same test. The results were much worse than the first test; there were 23 ranking at grade 0 and the rest were all unknown to the whitelist service.
From my testing (and what you have stated above) there seems to be no value in having the lookups against the whitelist at the individual server level.

Edited by yapadu - 05 February 2011 at 9:27pm
|
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk. |
|