Choosing RBLs

Antispam-type people, I want your opinions on RBLs. I’ve given up on
Bayesian filtering companywide, and content-only filtering just doesn’t
cut it anymore, but I want to avoid putting RBL blocking or tagging in
place that I’m going to regret.


Basically I’m after low false positives and negatives, with an emphasis
on low false positives for the blocking ones and a balance between both
errors on the tagging ones; it’s also critical that all of the BLs are
based on mechanical or fixed criteria (and not on opinions).


The mailserver in question is the corporate mailhub; any mail coming
into the company comes in through there, so the variety of content is
pretty wide. Load is about 8-10k messages per hour, about 15% of which
are deliverable.


The plan is:

  • Disable Bayesian filtering outright
  • Block outright on sbl-xml.spamhaus.org, bl.spamcop.net,
    list.dsbl.net, spam.dnsbl.sorbs.net

  • Give big spamassassin penalty to dnsbl.sorbs.net,
    dsn.rfc-ignorant.org, ipwhois.rfc-ignorant.org, maybe njabl.net

  • Handle the DNS bits via zone transfers wherever possible,
    instead of individual requests


Thoughts on those RBLs, or on moving from primarily content/bayes
to primarily RBL-based spam handling?

Comments 4