der Mouse wrote: >>> It _does_ mean that someone to whom email is important had better do >>> due diligence in selecting DNSBLs - just as someone to whom a car is >>> important had better do due diligence in selecting a mechanic [...] >> I agree with that. But easier still is to setup your own spam traps >> and run your own spamfilter. Which is what I think most actually do. > Not easier for me; not easier for the ISP I work for (I'm part of its > collective postmaster). I, at home, and we, at work, find DNSBLs by > far the lower-cost answer, after all the costs are tallied (dollars > spent, human time, false positives, false negatives, machines, disk > space, network bandwidth, the list of forms costs can take is long). In today's climate, you have to have very large spamtraps to do an effective job in driving your own filters unless you have an atypical spam load. If you have users that are being hit by BOTnets, your spamtrap has to be in the 100s of thousands of emails per day, if not larger, to be able to derive the right information to tune filters to an effective level. We're a large company, and we've been able to, through our legacy domains and "gracious donations" to get our traps up to about 10-20M per day. That alone does a pretty good job. But even we, despite how big our traps are and how well they do, get considerable extra effectiveness by using DNSBLs. At least one of these DNSBLS, via mutterings in the woodworks, has spamtraps that are effectively more than 2 orders of magnitude bigger than ours. Yikes. Someone of the size of AOL or Gmail can do the spamtrap game all by themselves - internally, they usually generate source IP reputation lists (however distributed) in addition to other techniques to use that information. But almost everyone smaller needs much more trap than they can realistically construct themselves. Small sites with usually atypical spam loads can often do just fine with very much smaller data sources. It's amazing how much different the spam profile can be at small sites. But they generally don't work nearly as well once scaled up to larger environments with more representative loadings. As one datapoint to show how uneven spam distribution is: we have 45,000 recipients. Fully half of them get virtually no spam at all. If we segregated those people off on their own mail servers, they wouldn't need filtering. Meanwhile, the other half get lots. One poor sod was getting 4,000-16,000 spams/day for the better part of a year - no useable commonality whatsoever in what he was getting nor where it was coming from. The only explanation for that, ironic as it may be, is that he was on lots of IETF mailing lists for a very long time that got scraped over and over again. The only solution - just what got past the filters at 99%+ effectiveness was overwhelming - was for him to change his email address (actually we all did, the company domain name got changed. Not because of this, but it helped anyway, causing a huge discontinuity in spam volumes.). [Most of the high rollers in our "spam sweepstakes" are long-term IETF mailing list members on the same address... Long-term IEEE list membership is also a big factor.] _______________________________________________ Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf