Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - SFDB rejects hotmail, gmail & yahoo
  FAQ FAQ  Forum Search   Register Register  Login Login

SFDB rejects hotmail, gmail & yahoo

 Post Reply Post Reply
Author
tckoay View Drop Down
Newbie
Newbie


Joined: 02 April 2007
Status: Offline
Points: 15
Post Options Post Options   Thanks (0) Thanks(0)   Quote tckoay Quote  Post ReplyReply Direct Link To This Post Topic: SFDB rejects hotmail, gmail & yahoo
    Posted: 06 June 2007 at 11:59am

I notice SFDB blocking IPs from hotmail, gmail & yahoo. Is there anyway I can set in SF for whitelist/skip those big boy IP from SFDB checking? I still want to remain all spam checking except SFDB. Can it be done?

Do SF Whitelist - Excluded Domain/IPs support netmask IPs like 123.123.123.0/16?

 Thanks

 

Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 06 June 2007 at 12:12pm

We had to really jack up our SFDB setting to a higher number for this reason. There is no way to do what you want but it has been asked for on many occasions. Do a search on SFDB to see the official response.

Still think greylisting is our best bet for actually keeping traffic off of our networks. While its great to quarantine it takes a lot of resources. If we can keep it from getting to us at all it would be much better.



Edited by WebGuyz
http://www.webguyz.net
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 06 June 2007 at 12:20pm
We too are seeing a huge increase in hotmail, gmail and aol getting on the SFDB.  Perhaps, since there is greater possiblilit of them getting reported due to their volume of message traffic, we could request that the algorithm that logs from those IP's be adjusted somehow.
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
IKILLSPAM1 View Drop Down
Groupie
Groupie


Joined: 02 May 2007
Location: United States
Status: Offline
Points: 70
Post Options Post Options   Thanks (0) Thanks(0)   Quote IKILLSPAM1 Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2007 at 12:19pm
Ive had trouble with those domains even before using SFI for filtering. Its always a nuisance. You could, for example, whitelist the class c for any aol servers which get blocked. If I find one that got blocked, I just whitelist the class c its on. Most of those large companys have their mail servers on same class c's.  This is the same for like comcast's smtp servers. I know whitelisting a whole class c might seem like your opening yourself up but I've not seen a problem doing such.

You could also turn up the SFDB Network Reliability setting . Mines on 3 because I am a hard nose with spam.
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2007 at 4:07pm
Our SDFB server actually overrides the minimum "SFDB Network Reliability" setting to ensure it is not too low.

We currently are using a threshold of 9. This means that if users configured a minimum threshold of 3 in their SpamFilter, our SFDB server will increase it to 9 to lower the number of false positives.

If a user decided to be very conservative, and configure a higher threshold of 15 for example, our SFDB server will honor the higher threshold.

This is done because as more and more companies use SpamFilter, more and more are going to report spam, and a higher network reliability is required to obtain more accurate results.

"Unfortunately" the SFDB is very accurate. If an IP is blacklisted, it is **extremely** likely that the IP was used to send spam within the last 24 hours. If the IP belongs to a large provider however, it will cause the issues mentioned here. A mitigating factor is that the large providers often hame several SMTP servers scattered throughout the internet, so when one of their IPs is blacklisted, it only affects a small portions of their customers.

We're listening to your comments, and are brainstorming here to see what can be done about this. The issue is knowing that someone is spamming, but somehow continue to accept emails from them...!
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2007 at 6:02pm
Hmmmm ... I guess I do not understand the threshold then.  The default seems to be 3 which I thought meant how many reject ID's were captured.  Can you explain a little more so that I can figure out where to set the threshold?
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4068
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 07 June 2007 at 8:09pm
With only 3 reject IDs you'd be seeing many more false positives. This is because we now have many more companies using the SFDB than 6 months ago... Since we now have more reporters, we have been incresing slightly each month the minimum number of rejects necessary to blacklist the IPs.

Say now we have 10 companies running SpamFilter and reporting to the SFDB. A minimum of 2 reject IDs would have probably given "OK" results. Next week the reporters increase to 100. It's very likely now that 2 of those 100 companies can have a false report for that IP, so we had to increase the minimum number or reporters to get less false positives, let's say 5. If the following month we have 1,000 companies reporting, we have to increase it even more, as it's possible that with only 5 companies reporting someone out of 1,000 could yield false positives...
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.063 seconds.