In an older episode (Monday, 31. October 2005 00:22), George Georgalis wrote:
Before I started using spam.dnsbl.sorbs.net I tested a corpus of spam and ham and determined the best way to implement.
But in the past 48 hours, mail relays from road runner, and cablevision have been added.
http://www.us.sorbs.net/using.shtml spam.dnsbl.sorbs.net - List of hosts that have been noted as sending spam/UCE/UBE to the admins of SORBS. This zone also contains netblocks of spam supporting service providers, including those who provide websites, DNS or drop boxes for a spammer. Spam supporters are added on a 'third strike and you
are
out' basis, where the third spam will cause the supporter to be added to the list.While I appreciate sending the message to lame ISPs about controlling their users, adding these relays to the blacklist causes a lot of false positives. Has sorbs been reasonable in their judgment to add them, how often does it take 30 million (or whatever) random subscribers to produce 3 spams, and what is reasonable for an ISP to do about it?
I have filled out their (sorbs) complex web support forms before, on behalf of a 3rd party, and never got a response. Now, since I'm complaining about relays being added that aren't mine, I cannot even get through the questions to a dialog I can enter my observation (when I properly answer the questions).
Unfortunately for me this is 2 strikes and you're out, sorbs. Is there a good alternative for spam.dnsbl.sorbs.net?
I have found ix.dnsbl.manitu.net very useful. I use it at the MTA level and with a SA rule like: header LOCAL_RCVD_IN_IXM eval:check_rbl('ixmani', 'ix.dnsbl.manitu.net.') describe LOCAL_RCVD_IN_IXM Received via a host listed in ix.dnsbl.manitu.net tflags LOCAL_RCVD_IN_IXM net score LOCAL_RCVD_IN_IXM 5
For details see http://www.heise.de/ix/nixspam/dnsbl_en/
cheers,
wolfgang