Re: RES: Massive SPAM Increase

["Jamie Riden" <jamesr () europe com>]

On 11/10/06, Paul Dean <paul () thecave ws> wrote:
> Hya All,
>
> Anyone bother to think about using the wonderful rbl lists provided by
> lots of fast healthy servers around the world.
>
> IE spamcop.net, abuseat.org, spamhaus.org <snip>

Definitely. I was using sbl+xbl at a largish University and it was
throwing away something like 50% of our inbound mail with no false
positives. But it's good to deploy it as tagging/warning before you
actually go to rejecting mail. Apart from that, rejecting hosts which
tried to HELO as us worked well. (Internal hosts didn't deliver to the
MXs, so we knew anything claiming to be us was bogus.)  We couldn't
use the rDNS checks as too many local organisations don't have valid
records and we were rejecting lots of mail that people wanted.

But I think this stuff is all covered in the FAQs of your favourite
MTA and it's not quite what the OP was asking about.

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com
NZ Honeynet project - http://www.nz-honeynet.org/

------------------------------------------------------------------------------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas. 
World renowned security experts reveal tomorrow's threats today. Free of 
vendor pitches, the Briefings are designed to be pragmatic regardless of your 
security environment. Featuring 36 hands-on training courses and 10 conference 
tracks, networking opportunities with over 2,500 delegates from 40+ nations. 

http://www.blackhat.com
------------------------------------------------------------------------------