Print Page | Close Window

SFDB rejects hotmail, gmail & yahoo

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6097
Printed Date: 03 June 2025 at 3:09am


Topic: SFDB rejects hotmail, gmail & yahoo
Posted By: tckoay
Subject: SFDB rejects hotmail, gmail & yahoo
Date Posted: 06 June 2007 at 11:59am

I notice SFDB blocking IPs from hotmail, gmail & yahoo. Is there anyway I can set in SF for whitelist/skip those big boy IP from SFDB checking? I still want to remain all spam checking except SFDB. Can it be done?

Do SF Whitelist - Excluded Domain/IPs support netmask IPs like 123.123.123.0/16?

 Thanks

 


Replies:
Posted By: WebGuyz
Date Posted: 06 June 2007 at 12:12pm

We had to really jack up our SFDB setting to a higher number for this reason. There is no way to do what you want but it has been asked for on many occasions. Do a search on SFDB to see the official response.

Still think greylisting is our best bet for actually keeping traffic off of our networks. While its great to quarantine it takes a lot of resources. If we can keep it from getting to us at all it would be much better.



-------------
http://www.webguyz.net

Posted By: Desperado
Date Posted: 06 June 2007 at 12:20pm
We too are seeing a huge increase in hotmail, gmail and aol getting on the SFDB.  Perhaps, since there is greater possiblilit of them getting reported due to their volume of message traffic, we could request that the algorithm that logs from those IP's be adjusted somehow.

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: IKILLSPAM1
Date Posted: 07 June 2007 at 12:19pm
Ive had trouble with those domains even before using SFI for filtering. Its always a nuisance. You could, for example, whitelist the class c for any aol servers which get blocked. If I find one that got blocked, I just whitelist the class c its on. Most of those large companys have their mail servers on same class c's.  This is the same for like comcast's smtp servers. I know whitelisting a whole class c might seem like your opening yourself up but I've not seen a problem doing such.

You could also turn up the SFDB Network Reliability setting . Mines on 3 because I am a hard nose with spam.

Posted By: LogSat
Date Posted: 07 June 2007 at 4:07pm
Our SDFB server actually overrides the minimum "SFDB Network Reliability" setting to ensure it is not too low.

We currently are using a threshold of 9. This means that if users configured a minimum threshold of 3 in their SpamFilter, our SFDB server will increase it to 9 to lower the number of false positives.

If a user decided to be very conservative, and configure a higher threshold of 15 for example, our SFDB server will honor the higher threshold.

This is done because as more and more companies use SpamFilter, more and more are going to report spam, and a higher network reliability is required to obtain more accurate results.

"Unfortunately" the SFDB is very accurate. If an IP is blacklisted, it is **extremely** likely that the IP was used to send spam within the last 24 hours. If the IP belongs to a large provider however, it will cause the issues mentioned here. A mitigating factor is that the large providers often hame several SMTP servers scattered throughout the internet, so when one of their IPs is blacklisted, it only affects a small portions of their customers.

We're listening to your comments, and are brainstorming here to see what can be done about this. The issue is knowing that someone is spamming, but somehow continue to accept emails from them...!


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP

Posted By: Desperado
Date Posted: 07 June 2007 at 6:02pm
Hmmmm ... I guess I do not understand the threshold then.  The default seems to be 3 which I thought meant how many reject ID's were captured.  Can you explain a little more so that I can figure out where to set the threshold?

-------------
The Desperado
Dan Seligmann.
Work: http://www.mags.net
Personal: http://www.desperado.com

Posted By: LogSat
Date Posted: 07 June 2007 at 8:09pm
With only 3 reject IDs you'd be seeing many more false positives. This is because we now have many more companies using the SFDB than 6 months ago... Since we now have more reporters, we have been incresing slightly each month the minimum number of rejects necessary to blacklist the IPs.

Say now we have 10 companies running SpamFilter and reporting to the SFDB. A minimum of 2 reject IDs would have probably given "OK" results. Next week the reporters increase to 100. It's very likely now that 2 of those 100 companies can have a false report for that IP, so we had to increase the minimum number or reporters to get less false positives, let's say 5. If the following month we have 1,000 companies reporting, we have to increase it even more, as it's possible that with only 5 companies reporting someone out of 1,000 could yield false positives...


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP


Print Page | Close Window