Message Board

Newbie/Basic Questions

Older Posts ]   [ Newer Posts ]
 Razor, Pyzor, DCC
Author: Z.Urmossy   (14 Aug 07 8:16am)
Hi,

I am quite new in the project, but fighting spam for years other ways.

I have searched the message board for the keywords in subject, but found no related topics.

I understand the explanation, why the project would not like to set-up a DNS-RBL [anyway, it would be a great idea, who does not want to use it will ignore; and several steps could be made to keep the identity of the spamtrap hidden].

On the other hand, it would be nice to report mail arrived to dedicated spamtraps to checksum-based bulk-mail detection servers [razor, pyzor, dcc]. It does not hurt the anonymity of the spamtrap, but helps end-users to identify spam as it is.

If the project is reporting [I have checked the whole site, but could not find any related info], please ignore the following.

As the project is operating a large number of dedicated traps in different domains, it probably receives large amounts of bulk mail _before_ most of the real humanoid recipients [especially if they are using greylisting], who are not interested in fighting spam just need filtering.

In our cca. 40 (small company) domains it is working fine in small measures [1-3 spamtrap MX/domain, cca. 30% real-mailing-domain-embedded spamtraps, no greylisting].

Thank you,
Zoltan
 
 Re: Razor, Pyzor, DCC
Author: M.Prince   (14 Aug 07 8:23am)
We actually calculate DCC values for every message we receive and may, at some point in the future, decide to share those. We've done this since the first day of the Project, so there's actually quite a bit of data there.

Right now, we share data with the SURBL. If you want to use a RBL that benefits directly from Project Honey Pot, we suggest that one.

Why not share with other RBLs or setup our own. The concern is false positives. It is not hard to sign up one of our traps for a legitimate newsletter. Since the process of listing is automated, there is little oversight into keeping good mailers out of the system. SURBL overcomes this problem by carefully constructing a whitelist of good guys' domains. Other RBLs -- including those based on checksums -- have a more difficult time doing this.
 
 Re: Razor, Pyzor, DCC
Author: A.Doherty   (27 Feb 08 5:04am)
"It is not hard to sign up one of our traps for a legitimate newsletter. "

actually it should be as the legitimate mailer will never recieve a reply to its confirmation mail. so should be identifiable as a one hit only source {and should have an identifiable format for confirmation mails }

so as long as your dnsbl does a first strike {short automatic timeout}
{or identifies most confirmations via regexps then have a human approve/block other auto de-listings +ammend the regexp list when new confirmation mail patterns spotted}

plus some way for large out-relays to pre-delist their ip's by providing an abuse contact for you to auto-forward {minus the spamtrap address} any spam recieved from there out-relay so they can deal with the spammer abusing their relay promptly.
{and not fear getting all there customers listed due to one abusive user}
obviously some way of escalating those that despite forwarded reports take no observable action might be worth bolting on afterward {say same submitting ip to their relay over X period of time from headers}



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–25, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email