nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Spamhaus ...

From: "Matthew Black" <black () csulb edu>
Date: Thu, 18 Feb 2010 00:53:04 -0800
On Wed, 17 Feb 2010 18:33:00 -0700
 Joel M Snyder <Joel.Snyder () Opus1 COM> wrote:
I second the assertion that others have already made that this is worth the money. We do spam testing, and I can more-or-less guarantee that Spamhaus beats all of the free reputation services (and a number of the for-pay ones) hands-down in its ability to block spam and the incredibly low number of false positives.
We ADDED Spamhaus to our IronPort because it was inexpensive. I recall using MAPS RBL many years earlier with a lot of false positives and angry companies trying to reach our users. 


John Levine wrote:

> > We no longer use Spamhaus, relying instead upon Sender Base Reputation
> >Scores (IronPort).

>How does the price compare?
Well, depending on how you look at it, either horribly or beautifully. You can't buy SenderBase by itself; you get it with an Ironport anti-spam appliance. So if you were going to buy Ironport anyway, the price is "free" which makes it cheaper than Spamhaus. On the other hand, if you just want SenderBase, it'd be a very expensive way to get only the reputation filtering.
In general, like many of the big-name anti-spam products, the reputation service is part-and-parcel of the product and can't really be separated out. In fact, with Ironport, they use the reputation service in two ways: one is to block connections in the first place, and the second way is to bias results of their content filter for connections which are accepted. Since their scores are -10 to +10, there's considerable leeway to use the information as part of their anti-spam cocktail beyond simple "go/no-go" of a typical reputation service. 

jms
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
SenderBase blocks about 90% of incoming connections. 3-part TCP/IP handshake, send them an error, then disconnect. For some egregious senders, we simply refuse the TCP/IP connection. You don't have to scan refused messages or connections for viruses or spam, a very costly process.
When IronPort first released their own anti-spam product to replace Brightmail, it had many false positives. We were a beta tester. They do much better now and false positives are almost non-existent.
We still encounter the occasional user wondering why their connection gets blocked by SenderBase. For our users, we remind them to configure SMTP AUTH when working from off campus because so many DSL addesses have low SBRS values. SMTP AUTH lets them bypass the SenderBase.
One of the coolest IronPort features is virtual gateways. Besides all the reputation filtering and anti-spam, anti-virus features, IronPort lets you create virtual gateways so outbound e-mail can be classed to use a different outbound source IP address. Very helpful so that our bulk mailers don't affect individual users should we get black or graylisted. 

Cheers.

matthew black
e-mail postmaster
california state university, long beach
Previous By Date Next
Previous By Thread Next

Current thread: