SFDB rejects hotmail, gmail & yahoo |
Post Reply 
|
| Author | |
tckoay 
Newbie 
Joined: 02 April 2007 Status: Offline Points: 15 |
 Post Options
 Thanks(0)
 Quote Reply
 Topic: SFDB rejects hotmail, gmail & yahooPosted: 06 June 2007 at 11:59am |
|
I notice SFDB blocking IPs from hotmail, gmail & yahoo. Is there anyway I can set in SF for whitelist/skip those big boy IP from SFDB checking? I still want to remain all spam checking except SFDB. Can it be done? Do SF Whitelist - Excluded Domain/IPs support netmask IPs like 123.123.123.0/16? Thanks
|
|
 |
|
|
WebGuyz
Senior Member 
Joined: 09 May 2005 Location: United States Status: Offline Points: 348 |
Post Options
Thanks(0)
Quote Reply
Posted: 06 June 2007 at 12:12pm |
|
We had to really jack up our SFDB setting to a higher number for this reason. There is no way to do what you want but it has been asked for on many occasions. Do a search on SFDB to see the official response. Still think greylisting is our best bet for actually keeping traffic off of our networks. While its great to quarantine it takes a lot of resources. If we can keep it from getting to us at all it would be much better. Edited by WebGuyz |
|
|
http://www.webguyz.net
|
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 06 June 2007 at 12:20pm |
|
We too are seeing a huge increase in hotmail, gmail and aol getting on the SFDB. Perhaps, since there is greater possiblilit of them getting reported due to their volume of message traffic, we could request that the algorithm that logs from those IP's be adjusted somehow.
|
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
IKILLSPAM1
Groupie 
Joined: 02 May 2007 Location: United States Status: Offline Points: 70 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 June 2007 at 12:19pm |
|
Ive had trouble with those domains even before using SFI for filtering. Its always a nuisance. You could, for example, whitelist the class c for any aol servers which get blocked. If I find one that got blocked, I just whitelist the class c its on. Most of those large companys have their mail servers on same class c's. This is the same for like comcast's smtp servers. I know whitelisting a whole class c might seem like your opening yourself up but I've not seen a problem doing such.
You could also turn up the SFDB Network Reliability setting . Mines on 3 because I am a hard nose with spam. |
|
|
|
|
LogSat
Admin Group 
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 June 2007 at 4:07pm |
|
Our SDFB server actually overrides the minimum "SFDB Network Reliability" setting to ensure it is not too low.
We currently are using a threshold of 9. This means that if users configured a minimum threshold of 3 in their SpamFilter, our SFDB server will increase it to 9 to lower the number of false positives. If a user decided to be very conservative, and configure a higher threshold of 15 for example, our SFDB server will honor the higher threshold. This is done because as more and more companies use SpamFilter, more and more are going to report spam, and a higher network reliability is required to obtain more accurate results. "Unfortunately" the SFDB is very accurate. If an IP is blacklisted, it is **extremely** likely that the IP was used to send spam within the last 24 hours. If the IP belongs to a large provider however, it will cause the issues mentioned here. A mitigating factor is that the large providers often hame several SMTP servers scattered throughout the internet, so when one of their IPs is blacklisted, it only affects a small portions of their customers. We're listening to your comments, and are brainstorming here to see what can be done about this. The issue is knowing that someone is spamming, but somehow continue to accept emails from them...! |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 June 2007 at 6:02pm |
|
Hmmmm ... I guess I do not understand the threshold then. The default seems to be 3 which I thought meant how many reject ID's were captured. Can you explain a little more so that I can figure out where to set the threshold?
|
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
|
|
|
LogSat
Admin Group
Joined: 25 January 2005 Location: United States Status: Offline Points: 4104 |
Post Options
Thanks(0)
Quote Reply
Posted: 07 June 2007 at 8:09pm |
|
With only 3 reject IDs you'd be seeing many more false positives. This is because we now have many more companies using the SFDB than 6 months ago... Since we now have more reporters, we have been incresing slightly each month the minimum number of rejects necessary to blacklist the IPs.
Say now we have 10 companies running SpamFilter and reporting to the SFDB. A minimum of 2 reject IDs would have probably given "OK" results. Next week the reporters increase to 100. It's very likely now that 2 of those 100 companies can have a false report for that IP, so we had to increase the minimum number or reporters to get less false positives, let's say 5. If the following month we have 1,000 companies reporting, we have to increase it even more, as it's possible that with only 5 companies reporting someone out of 1,000 could yield false positives... |
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.191 seconds.