Spam Filter ISP Support - DNS White Lists

Print Page | Close Window

DNS White Lists

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6914
Printed Date: 22 December 2024 at 3:08pm

Topic: DNS White Lists

Posted By: yapadu
Subject: DNS White Lists
Date Posted: 05 February 2011 at 2:32am

Has anyone ever used a whitelist?

I found dnswl.org today; and I know goodmail used to have one (just shut down?).

Does spamfilter support these type of lists, I know it can do it for blacklisting but what about whitelisting?

-------------
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.

Replies:

Posted By: yapadu
Date Posted: 05 February 2011 at 4:04am

Ok, I really thought there would be great value in these whitelists so I did a bit of testing.

We keep a record of all messages that users release from quarantine (false positives), we keep them for 1 week.

So I took a 1 week sample of the IP addresses of these false positives. These messages the users say are NOT spam.

I ran the list against the dnswl.org to see what the sending server reported.

dnswl has a 4 ratings:

Grade 0: no rating
Grade 1: medium chance of spam
Grade 2: low chance of spam
Grade 3: no chance of spam <- Automatically be allowed through?

I found they should have another grade also, I called it grade 9 which is unlisted in their system.

Grade 0: 41.84%
Grade 1: 9.97%
Grade 2: 3.11%
Grade 3: 0.65%

Grade 9: 44.32% <- No match in their system at all

Considering I was running through a list of false positive messages I really thought there would be a higher trend towards the grade 3 ranking. I was only considering to whitelist a sender if they were rated 100% not a spam sender.

With only 0.65% of false positives being considered not a possible spam sender by dnswl.org it hardly seems worthwhile to even do the tests.

-------------
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.

Posted By: LogSat
Date Posted: 05 February 2011 at 8:24am

yapadu,

Thanks for posting these results. We've never advertised this (and with hindsight we should have), but we do use dnswl.org already, specifically with our SFDB database. IPs are being blacklisted, in realtime, in our SFDB database, but this is done also by considering their whitelist score with the dnswl.org database, for which we keep a local copy on our servers updated nightly. This has been done since the implementation of the SFDB filter years ago, and it has helped to make the SFDB filter extremely accurate, as years of blocking have shown. As an example, at any time we block somewhere between 200,000 and 400,000 IPs with the SFDB filter. Yet we only receive on average one or two complaints a month from admins of networks who had IPs blocked. In more that half of the cases, by the time the admins write us their IPs had already been delisted since the spam originating from them had stopped or slowed down. In the other half they were actively spamming and in this case we provide them with reports on the offender IPs so they can locate the source and stop it. These are all things that happen in the background here but never mentioned them... :-)

-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: yapadu
Date Posted: 05 February 2011 at 9:26pm

I did further testing after posting that message. I took the 1000 latest messages in quarantine and ran the same test. The results were much worse than the first test, there were 23 ranking at grade 0 and the rest were all unknown to the whitelist service.

From my testing (and what you have stated above) there seems to be no value in having the lookups against the whitelist at the individual server level.

-------------
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.

Print Page | Close Window