It has been brought to my attention that I made at least one (and possibly
several) grievous errors in the spammer blacklists that I posted here a while
ago.

In particular, the domain `hal9k.com' was improperly listed on my blacklists
in the past and has since been removed. (This site merely had an open SMTP
relay which was abused by some spammer. That open SMTP relay has now been
closed and the owner of that domain has also added a strongly anti-spam
acceptable use statement to his site's home page.)

I have recently been doing extensive updating and also extensive testing of
my anti-spam E-mail blacklists and I'm very happy with the results they are
now producing. They are catching well over 90% of all E-mail spam while
producing very nearly zero false positives on my test-bed data base of over
100,000 E-mail messages, mostly drawn from mailing list archives. (The
handful of false positives are generally attributable to the occasional odd-ball
doing something really bizarre... like for example the guy who sent E-mail
to his friend who apparently has the address:
"//\[4Z@_P1+cH3N1K\]\"Gear Slut\"" <aza@avianet.net>
This was picked up by my filter due to the presence of the "@_" substring in
the To: header, which happens to be commonly seen in spam also. The few other
false positives are mostly attributable to messages in which the senders used
"To: (Recipient list suppressed)" in violation of RFC 822 which requires at
least one address in the To: header.)

My latest blacklists (sans comments/annotations) can be viewed at:
http://www.e-scrub.com/cgi-bin/blacklists.cgi
or if you prefer to peruse and/or download the commented/annotated version
of the blacklists at:
http://www.e-scrub.com/blacklists/blacklists.txt

In either list, the meaning and interpretation of the arguments for the
various `Blacklist-IP:', `Blacklist-Domain:' and `Blacklist-User:' directives
should be self-explanatory. In the case of the `Blacklist-Header:' directives
the first part of the argument is the header name (matched case-insensitively)
and the second part (after the second colon on each of these lines) is a
string to be searched for (case-sensitive) as a substring in the relevant
type of header. (It is left as an exercise for the interested reader how to
munge the arguments for these `Blacklist-Header:' directives into
functionally equivalent procmail regular expressions.)

The `Domain-Equiv:' directives (visible at present only in the annotated plain
text version of the blacklists mentioned above) relate to the anti-forgery
filtering feature of my filter. These directives serve to reduce false
positives when and if this filter feature is enabled.

-- Ron Guilmette, Roseville, California ---------- E-Scrub Technologies, Inc.
-- Deadbolt(tm) Personal E-Mail Filter demo: http://www.e-scrub.com/deadbolt/
-- Wpoison (web harvester poisoning) - demo: http://www.e-scrub.com/wpoison/
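
The `Blacklist-Header:' matching rule described in the post, and one way to turn a directive into a procmail condition, as an added example that is not part of the original post or of the Deadbolt filter. The exact directive spelling (`Blacklist-Header: <name>: <substring>`, surrounding whitespace trimmed), the function names, and the sample list and message (apart from the To: address quoted in the post) are assumptions made for illustration.

```python
import re
from email import message_from_string

# Assumed syntax (the post describes it but shows no sample line):
#   Blacklist-Header: <header-name>: <substring>
DIRECTIVE = re.compile(r"^Blacklist-Header:\s*([^:\s]+):\s*(.*?)\s*$")

SAMPLE_LIST = """Blacklist-Domain: spam.example
Blacklist-Header: to: @_
Blacklist-Header: Subject: HI
"""  # constructed sample list

SAMPLE_MSG = r'''From: someone@example.org
To: "//\[4Z@_P1+cH3N1K\]\"Gear Slut\"" <aza@avianet.net>
Subject: hi

body
'''  # constructed message; the To: value is the false positive from the post

def parse_directives(text):
    """Return (header_name, substring) pairs; other directive types are skipped."""
    found = (DIRECTIVE.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m and m.group(2)]

def matches(rules, raw_message):
    """Rules that hit: header name compared case-insensitively, substring
    searched case-sensitively in every header of that name."""
    msg = message_from_string(raw_message)
    # Message.get_all() already ignores case in the header name.
    return [(name, needle) for name, needle in rules
            if any(needle in value for value in msg.get_all(name, []))]

def esc(text):
    """Backslash-escape egrep-style metacharacters for a procmail condition."""
    return re.sub(r"([\\.*+?\[\]()|^$])", r"\\\1", text)

def to_procmail(name, needle):
    """Recipe flag line plus condition. procmail ignores case unless the D flag
    is set; D makes the substring case-sensitive, so the header name is spelled
    with [Xx] classes to keep it case-insensitive."""
    head = "".join(f"[{c.upper()}{c.lower()}]" if c.isalpha() else esc(c)
                   for c in name)
    return f":0 D\n* ^{head}:.*{esc(needle)}"

if __name__ == "__main__":
    for rule in matches(parse_directives(SAMPLE_LIST), SAMPLE_MSG):
        print(rule, "->", to_procmail(*rule), sep="\n")
```

The `Subject: HI` rule does not fire on the `Subject: hi` header because the substring comparison is case-sensitive, while the lowercase `to` rule still matches the `To:` header.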