Possible Feature |
Post Reply 
|
| Author | |
Desperado 
Senior Member 
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Possible FeaturePosted: 01 August 2007 at 3:56pm |
|
Has anyone looked at http://www.dnswl.org ?
They seem to have a reasonable (as far as I can tell so far) dns white list that is queried just like a dnsbl but gives whitelisted results. Thoughts? This may reduce the issues with hotmail and AOL servers getting on the SFDB if it can be set as a "White List Server" option in SF.
|
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
 |
|
|
sgeorge
Senior Member
Joined: 23 August 2005 Status: Offline Points: 178 |
Post Options
Thanks(0)
Quote Reply
Posted: 01 August 2007 at 4:21pm |
|
That seems like a fantastic idea, good find!
I'm sure that their criteria list will become inevitably become a source of controversy - both for the ips that are allowed on the list and those that are not. But I bet this list (and any other breeds out there that may show up) would be extremely useful. If one could use the dynamic list to whitelist servers, OR merely to allow those servers to simply skip the MAPS checks, it would be extremely handy. Stephen |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 01 August 2007 at 4:50pm |
|
Stephen, So far, 53 out of 53 "False" SFDB positives I queried off that list were correctly listed. I find that to be a good "first inspection" statistic. My thought (And I have briefly discussed it with Logsat) would be to use the list to prevent additions to the SFDB in the first place. Then, all the other filters in SFI or SFE would still function but the "Biggies" would not get routinely black-listed. |
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
WebGuyz
Senior Member
Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Post Options
Thanks(0)
Quote Reply
Posted: 01 August 2007 at 5:38pm |
|
Good idea to centralize something like this as many would benefit. |
|
|
http://www.webguyz.net
|
|
|
|
|
__M__
Groupie 
Joined: 30 August 2006 Location: Australia Status: Offline Points: 75 |
Post Options
Thanks(0)
Quote Reply
Posted: 01 August 2007 at 11:59pm |
|
Nice!
|
|
|
|
|
matthias
Newbie 
Joined: 02 August 2007 Location: Switzerland Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 02 August 2007 at 4:05am |
|
Hi all,
I'm one of the admins of dnswl.org. Nice to see you like the idea and that it seems to be of help for you :) As to the suggested usage of dnswl.org entries: we have four trustlevels: "none", "low", "med", "hi". The frontpage of our website shows the suggested usage for those four levels (http://www.dnswl.org/). Those with a trustlevel of "none" include the servers of big consumer-level providers, including Yahoo and Google Mail, so you may want to be careful about those. If you plan to include queries to dnswl.org by default in some product, we would be thankful if you can also provide a DNS mirror to help spread the load. As sgeorge noted above, entries in dnswl.org and their trustlevel can be subject to discussion. While we do have guidelines on how to determine the trustlevel (eg, correct [r]DNS, SWIPed whois entries, track record at senderbase.org and Google Groups, various DNSBL lookups), there is always a subjective element. If in doubt, an entry gets assigned a lower trustlevel, which may be raised over time if traffic patterns allow it. As I don't monitor this forum regularly, you can also write me directly at matthias /at/ leisi.net or admins /at/ dnswl.org. -- Matthias |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 02 August 2007 at 10:29am |
|
I am e-mailing you now
|
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 August 2007 at 4:22pm |
|
Thanks to Desperado's suggestion and matthias' support, we implemented the DNSWL into the SFDB. As of today, the DNSWL data is being incorporated into the SFDB database, so that the results provided by the SFDB lookups provide results already adjusted to take into account the DNSWL trust levels.
In this initial implementation stage the DNSWL data will be updated every few days rather than daily. However since the whitelist changes are very small, this should not be an issue. Note - there are no changes required to SpamFilter's configurations, everything is handled on the SFDB server. |
|
|
|
|
matthias
Newbie
Joined: 02 August 2007 Location: Switzerland Status: Offline Points: 2 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 August 2007 at 4:33pm |
|
Thanks for using dnswl.org data :-)
For those running their own outgoing mailserver (which no doubt many of you are), you can get added to dnswl.org data yourself by using the request form on our website. We can't guarantee any particular level of listing, but we will evaluate all requests fairly. If you have any questions please feel free to ask. As I won't be monitoring this forum regularly, you an reach me by mail (direct: matthias .at. leisi.net, generic: admins .at. dnswl.org). |
|
|
|
|
jerbo128
Senior Member
Joined: 06 March 2006 Status: Offline Points: 178 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 August 2007 at 5:31pm |
|
Roberto,
Can you go into it a bit more on how the SFDB is tied in with the whitelist. Does this mean that when an IP is checked, instead of returning a "15", the database may return a -10 (negative number) to indicate that the domain is trusted?
How will this play in with other filters?
thanks
jerbo128
|
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 21 August 2007 at 7:06pm |
|
If an IP is being blacklisted with a score of 60, but the whitelist marks it with a "high" trust lever, the SFDB lookup result will return a value of 7. We are dividing the original thresholds by a factor that depends on the whitelist trust level, not subtracting, so SFDB lookup results will never be negative, they will just be lower to whitelisted IPs.
Please note - While SpamFilter has a minimum SFDB threshold settings, so that any results over that minimum will mark the email as spam, the SFDB server has a minimum value as well that may override SpamFilter' setting. This is done as more companies use the SFDB, we receive more reports about spammers, thus the lookup results for the SFDB will increase. If SpamFilter's setting is too low, this will increase the chance of false positives. So in this case, if SpamFilter's setting is below what we determine to be a safe minimum, our main SFDB setting will prevail. If SpamFilter's setting is higher than our safe minimum, then that higher setting prevails over our minimum value on our SFDB server. This is because if the admin opted to stop less spam by setting a higher threshold, because they want to see less false positives, we need to respect that and will not impose our settings. |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.330 seconds.