Spam Filter ISP Support Forum

  New Posts New Posts RSS Feed - Possible Feature
  FAQ FAQ  Forum Search   Register Register  Login Login

Possible Feature

 Post Reply Post Reply
Author
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Topic: Possible Feature
    Posted: 01 August 2007 at 3:56pm
Has anyone looked at http://www.dnswl.org ?
 
They seem to have a reasonable (as far as I can tell so far) dns white list that is queried just like a dnsbl but gives whitelisted results.  Thoughts?  This may reduce the issues with hotmail and AOL servers getting on the SFDB if it can be set as a "White List Server" option in SF.
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
sgeorge View Drop Down
Senior Member
Senior Member


Joined: 23 August 2005
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote sgeorge Quote  Post ReplyReply Direct Link To This Post Posted: 01 August 2007 at 4:21pm
That seems like a fantastic idea, good find!

I'm sure that their criteria list will become inevitably become a source of controversy - both for the ips that are allowed on the list and those that are not.

But I bet this list (and any other breeds out there that may show up) would be extremely useful.  If one could use the dynamic list to whitelist servers, OR merely to allow those servers to simply skip the MAPS checks, it would be extremely handy.

Stephen
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 01 August 2007 at 4:50pm

Stephen,

So far, 53 out of 53 "False" SFDB positives I queried off that list were correctly listed.  I find that to be a good "first inspection" statistic. My thought (And I have briefly discussed it with Logsat) would be to use the list to prevent additions to the SFDB in the first place.  Then, all the other filters in SFI or SFE would still function but the "Biggies" would not get routinely black-listed.

The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
WebGuyz View Drop Down
Senior Member
Senior Member


Joined: 09 May 2005
Location: United States
Status: Offline
Points: 348
Post Options Post Options   Thanks (0) Thanks(0)   Quote WebGuyz Quote  Post ReplyReply Direct Link To This Post Posted: 01 August 2007 at 5:38pm

Good idea to centralize something like this as many would benefit.

http://www.webguyz.net
Back to Top
__M__ View Drop Down
Groupie
Groupie


Joined: 30 August 2006
Location: Australia
Status: Offline
Points: 75
Post Options Post Options   Thanks (0) Thanks(0)   Quote __M__ Quote  Post ReplyReply Direct Link To This Post Posted: 01 August 2007 at 11:59pm
Nice!
Back to Top
matthias View Drop Down
Newbie
Newbie


Joined: 02 August 2007
Location: Switzerland
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote matthias Quote  Post ReplyReply Direct Link To This Post Posted: 02 August 2007 at 4:05am
Hi all,

I'm one of the admins of dnswl.org. Nice to see you like the idea and that it seems to be of help for you :)

As to the suggested usage of dnswl.org entries: we have four trustlevels: "none", "low", "med", "hi". The frontpage of our website shows the suggested usage for those four levels (http://www.dnswl.org/). Those with a trustlevel of "none" include the servers of big consumer-level providers, including Yahoo and Google Mail, so you may want to be careful about those.

If you plan to include queries to dnswl.org by default in some product, we would be thankful if you can also provide a DNS mirror to help spread the load.

As sgeorge noted above, entries in dnswl.org and their trustlevel can be subject to discussion. While we do have guidelines on how to determine the trustlevel (eg, correct [r]DNS, SWIPed whois entries, track record at senderbase.org and Google Groups, various DNSBL lookups), there is always a subjective element. If in doubt, an entry gets assigned a lower trustlevel, which may be raised over time if traffic patterns allow it.

As I don't monitor this forum regularly, you can also write me directly at matthias /at/ leisi.net or admins /at/ dnswl.org.

-- Matthias
Back to Top
Desperado View Drop Down
Senior Member
Senior Member
Avatar

Joined: 27 January 2005
Location: United States
Status: Offline
Points: 1143
Post Options Post Options   Thanks (0) Thanks(0)   Quote Desperado Quote  Post ReplyReply Direct Link To This Post Posted: 02 August 2007 at 10:29am
I am e-mailing you now
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2007 at 4:22pm
Thanks to Desperado's suggestion and matthias' support, we implemented the DNSWL into the SFDB. As of today, the DNSWL data is being incorporated into the SFDB database, so that the results provided by the SFDB lookups provide results already adjusted to take into account the DNSWL trust levels.

In this initial implementation stage the DNSWL data will be updated every few days rather than daily. However since the whitelist changes are very small, this should not be an issue.

Note - there are no changes required to SpamFilter's configurations, everything is handled on the SFDB server.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
matthias View Drop Down
Newbie
Newbie


Joined: 02 August 2007
Location: Switzerland
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote matthias Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2007 at 4:33pm
Thanks for using dnswl.org data :-)

For those running their own outgoing mailserver (which no doubt many of you are), you can get added to dnswl.org data yourself by using the request form on our website.

We can't guarantee any particular level of listing, but we will evaluate all requests fairly.

If you have any questions please feel free to ask. As I won't be monitoring this forum regularly, you an reach me by mail (direct: matthias .at. leisi.net, generic: admins .at. dnswl.org).
Back to Top
jerbo128 View Drop Down
Senior Member
Senior Member
Avatar

Joined: 06 March 2006
Status: Offline
Points: 178
Post Options Post Options   Thanks (0) Thanks(0)   Quote jerbo128 Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2007 at 5:31pm
Roberto, 
 
Can you go into it a bit more on how the SFDB is tied in with the whitelist.  Does this mean that when an IP is checked, instead of returning a "15", the database may return a -10 (negative number) to indicate that the domain is trusted? 
How will this play in with other filters?
 
thanks
 
jerbo128
Back to Top
LogSat View Drop Down
Admin Group
Admin Group
Avatar

Joined: 25 January 2005
Location: United States
Status: Offline
Points: 4065
Post Options Post Options   Thanks (0) Thanks(0)   Quote LogSat Quote  Post ReplyReply Direct Link To This Post Posted: 21 August 2007 at 7:06pm
If an IP is being blacklisted with a score of 60, but the whitelist marks it with a "high" trust lever, the SFDB lookup result will return a value of 7. We are dividing the original thresholds by a factor that depends on the whitelist trust level, not subtracting, so SFDB lookup results will never be negative, they will just be lower to whitelisted IPs.

Please note - While SpamFilter has a minimum SFDB threshold settings, so that any results over that minimum will mark the email as spam, the SFDB server has a minimum value as well that may override SpamFilter' setting. This is done as more companies use the SFDB, we receive more reports about spammers, thus the lookup results for the SFDB will increase.

If SpamFilter's setting is too low, this will increase the chance of false positives. So in this case, if SpamFilter's setting is below what we determine to be a safe minimum, our main SFDB setting will prevail.

If SpamFilter's setting is higher than our safe minimum, then that higher setting prevails over our minimum value on our SFDB server. This is because if the admin opted to stop less spam by setting a higher threshold, because they want to see less false positives, we need to respect that and will not impose our settings.
Roberto Franceschetti

LogSat Software

Spam Filter ISP
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down



This page was generated in 0.078 seconds.