Re: Spamhaus Experiences?

[Joe St Sauver <JOE () OREGON UOREGON EDU>]

Doug Sandford <dsandfor () SEEBECK UA EDU> wrote...

#We have recently (last week) installed an open source spam blocker
#from the Spamhaus (http://www.spamhaus.org) project with pleasing
#results. The product has been catching seven to eight thousand pieces
#of mail a day...as I said we are pleased thus far.
#Do any of you have any experience with this product or their Exploit
#Blocker for viruses, etc? Seems almost too good to be true,
#particularly when compared to the pricey commercial solutions out
#there.

The SBL+XBL is one of the DNSBLs I recommended in my talk "Email Effective
Security Practices: 5 Concrete Areas to Scrutinize" from the last Internet2
Member Meeting; detailed slides are available at
http://darkwing.uoregon.edu/~joe/emailsecurity/ in PDF or PPT formats.

Spamhaus does a great job (be sure you're using the combination SBL+XBL
list rather than only the SBL or only the XBL). You should see excellent
results and nil false positives.

Besides the SBL+XBL, you may want to consider running an open proxy DNSBL
(such as NJABL, as mentioned in my talk), as well as a list that specializes
in open relays, dialup and other dynamic traffic sources such as the
mail-abuse.org RBL+ (not free, but cheap for .edu's in zone transfer mode).

See also the discussion of DNS "hinting" and the pointer to SPF if you want
to block additional spam and virus related traffic.

Regards,

Joe St Sauver (joe () oregon uoregon edu)
University of Oregon Computing Center

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.