Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - DNS White Lists
  FAQ FAQ  Forum Search   Register Register  Login Login

DNS White Lists

 Post Reply Post Reply
Author
yapadu View Drop Down
Senior Member
Senior Member


Joined: 12 May 2005
Status: Offline
Points: 297
Post Options Post Options   Thanks (0) Thanks(0)   Quote yapadu Quote  Post ReplyReply Direct Link To This Post Topic: DNS White Lists
    Posted: 05 February 2011 at 2:32am
Has anyone ever used a whitelist?

I found dnswl.org today; and I know goodmail used to have one (just shut down?).

Does spamfilter support these type of lists, I know it can do it for blacklisting but what about whitelisting?
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.
Back to Top
yapadu View Drop Down
Senior Member
Senior Member


Joined: 12 May 2005
Status: Offline
Points: 297
Post Options Post Options   Thanks (0) Thanks(0)   Quote yapadu Quote  Post ReplyReply Direct Link To This Post Posted: 05 February 2011 at 4:04am
Ok, I really thought there would be great value in these whitelists so I did a bit of testing.

We keep a record of all messages that users release from quarantine (false positives), we keep them for 1 week.

So I took a 1 week sample of the IP addresses of these false positives.  These messages the users say are NOT spam.

I ran the list against the dnswl.org to see what the sending server reported.

dnswl has a 4 ratings:

Grade 0: no rating
Grade 1: medium chance of spam
Grade 2: low chance of spam
Grade 3: no chance of spam <- Automatically be allowed through?

I found they should have another grade also, I called it grade 9 which is unlisted in their system.

Grade 0: 41.84%
Grade 1: 9.97%
Grade 2: 3.11%
Grade 3: 0.65%

Grade 9: 44.32% <- No match in their system at all

Considering I was running through a list of false positive messages I really thought there would be a higher trend towards the grade 3 ranking.  I was only considering to whitelist a sender if they were rated 100% not a spam sender.

With only 0.65% of false positives being considered not a possible spam sender by dnswl.org it hardly seems worthwhile to even do the tests.



Edited by yapadu - 05 February 2011 at 4:06am
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4104
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 05 February 2011 at 8:24am
yapadu,

Thanks for posting these results. We've never advertised this (and with hindsight we should have), but we do use dnswl.org already, specifically with our SFDB database. IPs are being blacklisted, in realtime, in our SFDB database, but this is done also by considering their whitelist score with the dnswl.org database, for which we keep a local copy on our servers updated nightly. This has been done since the implementation of the SFDB filter years ago, and it has helped to make the SFDB filter extremely accurate, as years of blocking have shown. As an example, at any time we block somewhere between 200,000 and 400,000 IPs with the SFDB filter. Yet we only receive on average one or two complaints a month from admins of networks who had IPs blocked. In more that half of the cases, by the time the admins write us their IPs had already been delisted since the spam originating from them had stopped or slowed down. In the other half they were actively spamming and in this case we provide them with reports on the offender IPs so they can locate the source and stop it. These are all things that happen in the background here but never mentioned them... :-)
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
yapadu View Drop Down
Senior Member
Senior Member


Joined: 12 May 2005
Status: Offline
Points: 297
Post Options Post Options   Thanks (0) Thanks(0)   Quote yapadu Quote  Post ReplyReply Direct Link To This Post Posted: 05 February 2011 at 9:26pm
I did further testing after posting that message.  I took the 1000 latest messages in quarantine and ran the same test.  The results were much worse than the first test, there were 23 ranking at grade 0 and the rest were all unknown to the whitelist service. 

From my testing (and what you have stated above) there seems to be no value in having the lookups against the whitelist at the individual server level.


Edited by yapadu - 05 February 2011 at 9:27pm
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.242 seconds.