Educause Security Discussion mailing list archives

Re: DNS blacklists

From: "Tupker, Mike" <mtupker () MTMERCY EDU>
Date: Mon, 18 May 2009 13:22:57 -0500

Yep, I meant sbl-xbl.spamhaus.org. For the most part we’ve had good results from spamcop. Surriel was one of the ones 
we’ve started having problems with lately as well as abuseat.org. After reviewing the stats for the RBL usage on our 
spam appliance I think I may also ditch most of them. The barracuda one is catching over 90% of the RBL blocks and 
spamhaus is second (but not a close second).
Thank you to everyone who responded.
Mike Tupker
Systems Administrator
Mount Mercy College
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
McClenon, Braden
Sent: Monday, May 18, 2009 12:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] DNS blacklists

Did you mean sbl-xbl.spamhaus.org?  We were using zen.spamhaus.org until our Barracuda’s internal “Pseudo-RBL” became 
good enough that querying Zen didn’t seem worth the look-ups anymore.
I found psbl.surriel.com to have too many false positives, and I’ve heard the same about spamcop.  I’ve heard others 
say psbl.surriel.com is good as part of a Bayesian scoring system though.  Honestly, I’ve only heard complaints about 
spamcop, but that’s not to say there aren’t supporters out there.
Also, cbl.abuseat.org is included in xbl.spamhaus.org.  See http://www.spamhaus.org/xbl/.  So you could get rid of that 
one.

Brady McClenon
Senior Server Administrator
SUNY Oneonta

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ben 
Williams
Sent: Monday, May 18, 2009 1:19 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] DNS blacklists

We utilize zen.spamhaus and b.barracuda. The only complaints we have received are from users being blocked when sending 
mail from home (POP/IMAP users). Where necessary we have added exceptions for them.
When we added the barracuda list our top spam recipients saw approximately a 50% decrease in quarantined spam. While 
that does not translate to a 50% reduction in spam for everyone, it certainly does lighten the load on our spam filter 
system.

Ben Williams

"Tupker, Mike" <mtupker () MTMERCY EDU> 5/18/2009 12:38 PM >>>

Hi,

I was just curious what other campus’ are using in terms of DNS blacklist when it comes to email? They are very handy 
but recently a few of them have been the source of some complaints from our users. Currently we are using:

Rbl-xbl.Spamhaus
psbl.surriel.com
cbl.abuseat.org
bl.spamcop.net
dnsbl.njabl.org
Barracudacentral – by default in our barracuda device

I know we are probably using more lists than is necessary, but I’m sure you all know how cranky people can get if they 
find a single spam message in their inbox.

Mike Tupker
Systems Administrator
Mount Mercy College

Current thread:

DNS blacklists Tupker, Mike (May 18)
- <Possible follow-ups>
- Re: DNS blacklists Dexter Caldwell (May 18)
- Re: DNS blacklists Dexter Caldwell (May 18)
- Re: DNS blacklists Ben Williams (May 18)
- Re: DNS blacklists McClenon, Braden (May 18)
- Re: DNS blacklists Tupker, Mike (May 18)
- Re: DNS blacklists Jesse Thompson (May 21)
- Re: DNS blacklists Jesse Thompson (May 21)