[Mimedefang] DNS Lookups in MD - Was RBL and DNS lookups
Kevin A. McGrail
kmcgrail at pccc.com
Tue May 15 10:47:24 EDT 2007
>> On my main server, I blocked 1904 emails out of 16584 using Invalid MX
>> Checks
>
> OK, that doesn't answer my question.
>
> How many of these would also have been blocked by something else
> pre-SA?
I'm sorry, oh mighty one, that I did not run tests to your satisfaction ;-P
As these are on a live server and they got to the point of running an
Invalid MX Check, none of them would be blocked by anything else pre-MD and
they never get to SA. So the answer to your question is 0. None of them
would be blocked by something else pre-SA because I only perform 4 blocking
techniques. Dictionary Attacks automated for 90 minutes, Virus/Malware,
Failure to reverse per Sendmail and Invalid MX. Invalid MX is the last one
so if it got to it, it would not be blocked by anything else.
>> This test is based on AOL's reverse pointer rules. AOL uses this test to
>> outright block email. We use it ONLY to score email.
>
> If everybody else was jumping over a cliff, etc. Just because AOL is
> doing something really dumb doesn't mean everybody else has to be.
Haha, thanks Dad. No, but because AOL is doing it, I can get away with
being a bit more strict in my checks without having anyone complain. I can
then just point to AOL as the 1000lb gorilla and investors/customers/etc.
stop arguing.
By the same argument, my FAVORITE part about AJAX and Maps.google.com was
that it FINALLY allowed me to tell venture capitalists, startups, customers,
etc. that supporting older browsers was no longer as necessary because
Google as the 1000lb gorilla had dropped a bunch of old browsers. No longer
supporting AOL 3.0 and NCSA's browser for e-commerce is quite a blessing for
me:
http://maps.google.com/support/bin/answer.py?answer=16532&topic=10792
Which web browsers does Google Maps support?
Google Maps currently supports the following web browsers:
  a. IE 6.0+ (download: Windows)
  b. Firefox 0.8+ (download: Windows Mac Linux)
  c. Safari 1.2.4+ (download: Mac)
  d. Netscape 7.1+ (download: Windows Mac Linux)
  e. Mozilla 1.4+ (download: Windows Mac Linux)
  f. Opera 8.02+ (download: Windows Mac Linux)
If you're using one of these browsers and are encountering problems,
please visit our troubleshooting guidelines.
> Is it worth it for 0.01 point in SA? What about 0.1? In other words,
> how many messages have you rejected because of SA scoring that hit this
> test *and* have a score between "reject" and "reject +
> score_for_missing_pointer"? I run this analysis for every expensive
> test, and so far none filter more than 1% of bad e-mail that would not
> otherwise have already been filtered.
For me, I get AT LEAST 5000 spams a day. 1% of 5000 is not "expensive" as
it saves 50 junk emails from my inbox.
> By my studies, unless you start scoring some of these things at 3-5
> points in SA, the number they push "over the edge" is so tiny that both
> the cycles and maintaining the code are far more work.
I do score many at these numbers as HIGH as 9, in fact. You can see the
rules and scoring at
http://www.peregrinehw.com/downloads/SpamAssassin/contrib/KAM.cf
I do not recommend using SA scores to block email. SPAM is in the eye of
the beholder and 10 is too low IMO.
> But, for expensive tests (and reverse DNS is very expensive in this
> case, since you tend to have to do uncached lookups for every new
> zombie machine), unless they are *very* accurate (i.e., no false
> positive/negative) and *very* indicative (i.e., can be assigned a high
> SA score or used to reject outright), they tend to be something that
> just won't scale well to large volumes of e-mail.
We'll agree to disagree and I'll continue as-is. I believe these tests such
as pathway analysis, reverse DNS, URI lists, etc. may soon be the only truly
effective anti-SPAM techniques available. However, you should consider
joining the SA project if you are this adamant about it because it might be
more helpful than attacking just me.
Regards,
KAM
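
The analysis asked for in the quoted question above (how many rejected messages hit the test and sit between "reject" and "reject + score_for_missing_pointer"), as an added example that is not part of the original message and is not MIMEDefang or SpamAssassin code. The status lines, the rule name HYPO_NO_RDNS, the threshold and the weights are constructed; the example also goes one step further and re-scores the same mail at other candidate weights.

```python
import re

# Constructed sample lines, styled after a SpamAssassin status header.
# HYPO_* are hypothetical rule names; HYPO_NO_RDNS stands in for the
# missing-reverse-pointer test discussed in the thread.
SAMPLE = """\
score=12.4 required=10.0 tests=HYPO_BAYES,HYPO_NO_RDNS,HYPO_URI_LIST
score=10.3 required=10.0 tests=HYPO_BAYES,HYPO_NO_RDNS
score=9.1 required=10.0 tests=HYPO_BAYES,HYPO_NO_RDNS
score=15.0 required=10.0 tests=HYPO_BAYES,HYPO_URI_LIST
score=10.05 required=10.0 tests=HYPO_NO_RDNS,HYPO_URI_LIST
score=2.0 required=10.0 tests=HYPO_NO_RDNS
"""

LINE = re.compile(
    r"score=(-?\d+(?:\.\d+)?) required=(-?\d+(?:\.\d+)?) tests=(\S*)")

def parse(text):
    """Return a list of (score, required, set_of_rule_names)."""
    records = []
    for line in text.splitlines():
        m = LINE.search(line)
        if m:  # skip lines that are not status lines
            rules = {r for r in m.group(3).split(",") if r}
            records.append((float(m.group(1)), float(m.group(2)), rules))
    return records

def marginal(records, rule, current_weight, candidate_weight):
    """Re-score with `rule` at candidate_weight.

    Returns (rejected, only_rule): messages at or over the threshold, and
    the subset that would be under it without `rule`, i.e. the messages
    the rule alone pushes over the edge.
    """
    rejected = only_rule = 0
    for score, required, rules in records:
        hit = rule in rules
        base = score - current_weight if hit else score  # score without rule
        new = base + candidate_weight if hit else base
        if new >= required:
            rejected += 1
            if base < required:
                only_rule += 1
    return rejected, only_rule

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for w in (0.1, 0.5, 3.0):  # the logged scores assume a weight of 0.5
        print(w, marginal(recs, "HYPO_NO_RDNS", 0.5, w))
```
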