While I always read how reliable OB should be, of the few WL requests I've triggered, all except 1 were from OB.
These were pretty ugly ones indeed, an Adobe child site, a Genuine abused Webmail site, etc, etc.
juts wondering....
Alex
On Saturday, September 25, 2004, 3:53:52 AM, Alex Broens wrote:
While I always read how reliable OB should be, of the few WL requests I've triggered, all except 1 were from OB.
These were pretty ugly ones indeed, an Adobe child site, a Genuine abused Webmail site, etc, etc.
juts wondering....
The slice of Outblaze data we get is from their extensive spamtraps, filtered by recentness of registration and by volume of messages.
It's generally a good approach, but as we can see some FPs get in, despite that filtering and despite our whitelisting, etc.
Perhaps Yusuf of Outblaze can comment further.
Jeff C. -- "If it appears in hams, then don't list it."
[please cc me, I'm not on this list]
Alex Broens [25/09/04 12:53 +0200]:
While I always read how reliable OB should be, of the few WL requests I've triggered, all except 1 were from OB.
These were pretty ugly ones indeed, an Adobe child site, a Genuine abused Webmail site, etc, etc.
Our data feed is rather larger than usual, being spam complaints from our users, from which we try to identify brand new domains that keep getting referenced in spam.
So, we block rather more domains than most people do.
Ham sites can get blocked - for example, an abused webmail site can and will be found in lots of spam reports and sometimes if the webmail service is new enough there will be zero ham for us to cross reference things with, as the site might have more bot created spammer users than regular / legit users.
If these get blocked, please let us know / feel free to whitelist and we'll investigate it (and fix it if it hasn't been fixed yet)
--srs
On Sunday, September 26, 2004, 6:20:38 PM, Suresh Ramasubramanian wrote:
[please cc me, I'm not on this list]
Alex Broens [25/09/04 12:53 +0200]:
While I always read how reliable OB should be, of the few WL requests I've triggered, all except 1 were from OB.
These were pretty ugly ones indeed, an Adobe child site, a Genuine abused Webmail site, etc, etc.
Our data feed is rather larger than usual, being spam complaints from our users, from which we try to identify brand new domains that keep getting referenced in spam.
So, we block rather more domains than most people do.
Ham sites can get blocked - for example, an abused webmail site can and will be found in lots of spam reports and sometimes if the webmail service is new enough there will be zero ham for us to cross reference things with, as the site might have more bot created spammer users than regular / legit users.
If these get blocked, please let us know / feel free to whitelist and we'll investigate it (and fix it if it hasn't been fixed yet)
--srs
Thanks for your feedback on this. Have you guys looked into ways to prevent these from getting on your lists? For example, is the corpus of new additions small enough to be hand-checked?
Seems to me it's better to check first and block second. It's better to let a few spams in than to block legitimate mail, IMO.
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
Thanks for your feedback on this. Have you guys looked into ways to prevent these from getting on your lists? For example, is the corpus of new additions small enough to be hand-checked?
It is a few hundred a day and does have to be blocked in real time :(
Seems to me it's better to check first and block second. It's better to let a few spams in than to block legitimate mail, IMO.
For most of what we spot (typically pharmacy spam domains) checking first will mean several thousand more emails coming in.
We do get daily reports and scan these for the presence of fps - but some do slip through. If you get any more - please let me know, or let my team at postmaster@outblaze.com know
regards srs
At 13:56 2004-09-27 +0530, Suresh Ramasubramanian wrote:
Jeff Chan wrote:
Thanks for your feedback on this. Have you guys looked into ways to prevent these from getting on your lists? For example, is the corpus of new additions small enough to be hand-checked?
It is a few hundred a day and does have to be blocked in real time :(
Seems to me it's better to check first and block second. It's better to let a few spams in than to block legitimate mail, IMO.
For most of what we spot (typically pharmacy spam domains) checking first will mean several thousand more emails coming in.
How many of those that currently get listed have name servers listed in SBL at the time they get listed? If a substantial part do have their name server listed in SBL, have you considered using that type of data as an aid to filter out FPs in real time?
Patrik
On Monday, September 27, 2004, 4:11:16 PM, Patrik Nilsson wrote:
How many of those that currently get listed have name servers listed in SBL at the time they get listed?
I don't have stats currently, but there is certainly overlap.
If a substantial part do have their name server listed in SBL, have you considered using that type of data as an aid to filter out FPs in real time?
Lack of inclusion in SBL can and probably should be a flag to check for FPs, but there are spam domains, especially new ones, that sometimes don't match SBL, for example due to using a new name server or hosting IP space.
SBL inclusion or non-inclusion is definitely a useful spam versus ham heuristic however.
Jeff C. -- "If it appears in hams, then don't list it."
At 16:28 2004-09-27 -0700, Jeff Chan wrote:
On Monday, September 27, 2004, 4:11:16 PM, Patrik Nilsson wrote:
How many of those that currently get listed have name servers listed in SBL at the time they get listed?
I don't have stats currently, but there is certainly overlap.
If a substantial part do have their name server listed in SBL, have you considered using that type of data as an aid to filter out FPs in real
time?
Lack of inclusion in SBL can and probably should be a flag to check for FPs, but there are spam domains, especially new ones, that sometimes don't match SBL, for example due to using a new name server or hosting IP space.
OK, I'll rephrase my question:
If the ones that do have name servers listed in SBL where sorted out in an automatic process, would the number of new daily domains left be small enough to check manually?
Patrik
Hi!
If a substantial part do have their name server listed in SBL, have you considered using that type of data as an aid to filter out FPs in real
Lack of inclusion in SBL can and probably should be a flag to check for FPs, but there are spam domains, especially new ones, that sometimes don't match SBL, for example due to using a new name server or hosting IP space.
OK, I'll rephrase my question:
If the ones that do have name servers listed in SBL where sorted out in an automatic process, would the number of new daily domains left be small enough to check manually?
We do checks like that, and its like 15-20% thats listed inside SBL with nameservers. So, or us, no. Helps a little, but not enough.
Bye, Raymond.
On Wednesday, September 29, 2004, 12:27:25 PM, Raymond Dijkxhoorn wrote:
If a substantial part do have their name server listed in SBL, have you considered using that type of data as an aid to filter out FPs in real
Lack of inclusion in SBL can and probably should be a flag to check for FPs, but there are spam domains, especially new ones, that sometimes don't match SBL, for example due to using a new name server or hosting IP space.
OK, I'll rephrase my question:
If the ones that do have name servers listed in SBL where sorted out in an automatic process, would the number of new daily domains left be small enough to check manually?
We do checks like that, and its like 15-20% thats listed inside SBL with nameservers. So, or us, no. Helps a little, but not enough.
I agree, there are some SBL hits, but they are probably a minority. More like an occasional extra bonus flag of spamminess. ;-)
Jeff C. -- "If it appears in hams, then don't list it."
-
Alex Broens -
Jeff Chan -
Patrik Nilsson -
Raymond Dijkxhoorn -
Suresh Ramasubramanian