RE: DNS-BL for e-mail addresses

Robert Felber writes...
> On Sat, Jun 04, 2005 at 05:42:28PM +0200, Ralf Hildebrandt wrote:
> > * Robert Felber <r.felber@ek-muc.de>:
> > > Hi ho,
> > >=20
> > > are there DNS based blacklists for e-mail addresses?
> >=20
> > They're called RHSBLs.
>=20
> Ah, I recall - I am sure someone asked me to implemet RHSBLs=20
> *looking at my todo list* :)
>=20
> > > I would like to catch those abused yahoo and hotmail accounts.
> > ? You could try sender address verification, since yahoo & hotmail
> > quickly close abused accounts.
>=20
> Thats expensive (or slow), isn't it?

Yes, but if you cache the results, it's not bad.

However, my current experience is that sender address verification =
("SAV")
is not as effective now as it was even 6 months ago. Many spammers now =
seem
to be using real, valid sender addresses, or to have discovered sites =
that
will confirm any address. Of course, the putative senders have nothing =
to
do with the spam or the spammer, they are just there to deflect =
complaints.
That they defeat SAV is probably just a side-benefit for the spammers.

Currently, I'm running a few Postfix-internal checks, a whitelist, a =
couple
of local blacklists, then a bunch of RBLs and RHSBLs, then a greylister,
then SAV. Putting SAV very late in the process means that only the
"senders" who pass all the other checks inititate an SAV probe, making =
the
speed and expense of the probes manageable.

I also auto-whitelist anyone to whom my users send mail, which further =
cuts
down on the expense of accepting mail, since that whitelist comes before =
any
off-premises checks.

-Shel

DISCLAIMER: etc.