At 10:23 28/02/03 +1300, Gordon Smith wrote:
I agree with Juha.
We are seeing more and more spam hitting the mail servers that is being relayed via open socks proxies. At this rate, I think its just going to be a matter of time before we're forced to block inbound connections on proxy ports.
I've had good results with the Osirusoft RBL's - Joe combines the more commonly used ones. Be aware that you may need to whitelist some regions - keep any eye on your rejections.
While relays.osirusoft.com certainly catches a lot of spam, my own stats suggest that a combination of both relays.osirusoft.com and ordb.org still miss around 40% of spam, and osirusoft.com gives an unacceptable number of false positives that need to be manually worked around. The days of straight RBL based connection rejection for spam filtering are over IMHO, spammers are just too clever now and have too many different methods of attack. IP based RBL blacklists (used in isolation) are a bit like using a sledgehammer to crack a nut - sure it will crack the nut, but you might flatten your thumb in the process, or not end up with anything edible :) Definately the next generation of spam filtering is a multipronged approach like Spamassassin, which is starting to achieve quite impressive results...
Spamcop seems to be fairly conservative in its listings. I'd disagree with Mike Beattie's comments - the rant on the link posted is just that, a misguided rant. I'm sure we're all aware of the additional workload created by UCE. Unfortunately, it would seem that at least one ISP (that of Mr. Felton) failed to perform due diligence.
I personally don't think much of spamcop after having been falsely listed by them a couple of times, but at least its easy to get unlisted again if you're not guilty..... Regards, Simon