Spam-fighting self-sufficiency

by Andy Lester

Ever since my department started throwing around the idea of spam filtering, I insisted that we not use any outside blackhole services. With
Osirusoft and their SPEWS list going dark, my concerns about outside forces controlling my infrastructure were confirmed.

Ever since the idea of outside DNS blacklists started, I'd heard horror stories of people tarred with a too-broad brush. One friend of mine has been blacklisted because his cable modem shares IP real estate with some open relays. I didn't want to put my company's acceptance of inbound mail in the hands of others. I hadn't even considered what would happen when the blacklist shut down and sent out erroneous DNS responses.

In a way, the blackhole lists are not at all open source. You can submit a "patch," but if it's not accepted by the powers that be, you're out of luck. It's not YOUR patches that you're concerned about getting accepted, but the patches from others that you don't know about. And just forget about being able to fork the codebase...

Until SMTP is replaced by something that's up to the task of spam blocking in the 21st century, I'll stick with Spam Assassin and other heuristic approaches.


2003-08-28 05:40:53
check out
It's an outside service, but not a black hole. Every now and then I log in to see what they held back, and can then forward individual e-mails, mark senders as OK, etc.

Because it's an outside service, it's particularly great from a dial-up (or web interface) account, where client-side filtering means pulling down all the crap before noting that it's crap.

2003-08-31 03:48:44
default SpamAssassin uses blocklist