I said:
Also, I do agree with the philosophy that a little collateral damage from legitimate sources is O.K. if the network originally sending the spam is a known, flagrant, and unrepentant spam source. (How else are they going to be motivated to clean up their act?)
Jeff responded:
FWIW this is one thing about Spamhaus and other RBLs that I don't like. I don't believe in punishing innocent IP addresses this way in order to pressure ISPs.
When I read Jeff's comment, I realized that I worded my original statement in a way that could be taken differently that what I intended. To be sure, I abhor the practices described in this article:
http://www.nwfusion.com/research/2001/0910feat.html
But, at the same time, I don't have a problem when out of every 1,000 e-mails coming from a source like Munged-terra.es, 1 legitimate e-mail gets blocked along with 999 spam e-mails.
But we should not start flamewars about RBLs here.
Sorry, I didn't mean to start such a ruckus. I have a proposal. I'll re-configure my filter so that it only blocks those IPs at the MTA level which are listed on both (1) DSBL (...AND...) (2) listed on at least one of the two SpamHaus lists.
If a message does not fit this criteria, then I'll allow it through and (next) filter out messages via SURBL.
After SURBL filtering, out of the remaining messages, I'll then re-check them using EACH of the following three lists:
(1) list.dsbl.org (2) xbl.spamhaus.org (3) sbl.spamhaus.org
(Remember, this will already EXCLUDE those things which are on BOTH list.dsbl.org and sbl-xbl.spamhaus.org. It will also exclude stuff that was block by standard SURBL. Therefore, hopefully, what is left over won't be too huge to analyze.)
Messages then block by any of these three lists will be saved to a folder corresponding to that list.
After about a week of this, I'll zip each of these folders of messages and e-mail the zipped files to Jeff, Raymond, Patrik, and anyone else interested. (I have to be careful here for privacy issues). I'll also provide my own stats for what I judged to be FPs vs. total spams for each folder.
Certainly, this won't be a perfect test because my base of users is not as large as an ISP, for example. But it would be interesting, don't you think?
This way, we can then let the data speak for itself.
How does that sound?
Rob McEwen