There are many blacklists out there, with bad and good reputations. Also, some people recommend using RBL lists only in score-based systems (like SpamAssassin) while others (including commercial service providers, think Barracuda) extensively use lists to hard block messages before even looking at that.
The problem in using an RBL list to directly discard messages comes from false positives, that 99% of the time would otherwise survive a score-based system. I'm wondering if there are lists out there that could be put to good use in pre-queue, that have very very low false positives even if they maybe are less effective at catching true spam messages. Such lists would be good, in combination with greylisting, to skim a good part of the mail intake before running it through a content analysis system.
We are currently using only Abuseat's CBL to block SMTP connections, and we're not aware of any false positive introduced by this. Lists from the Spamhaus Project also look promising, but which ones? Or all of them (like using ZEN)?
- Do you use (trust) RBL lists to directly block SMTP sources?
- Is there any known study on false positive rates, or do you have any experience to report?
- What lists would you recommend for this kind of filtering?
I used to trust RBLs directly. Then I went to scoring with policyd-weight, which is much safer (but not your question).
I would only trust these RBLs for direct blocking:
IMPORTANT: never ever trust anything related to uceprotect. The admin there is totally insane and blocking stuff based on his own "understanding" of what's good or bad (he then generously offers unblocking by payment...).
I use zen.spamhaus.org and bl.spamcop.net.
Personally, I don't spend a lot of sleepless nights worrying about spam. It's a never-ending battle and there's no perfect solution. There are always going to be some number of legitimate emails that get blocked and some number of spam emails that get through. We archive all spam messages and whitelist any false positives that have been captured. We queue all spam for a day and then dump it.
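Added example, not code from the question or any of the answers: a sketch of how a pre-queue check can keep DNSBL hard-blocking from producing false positives, by rejecting only on documented listing codes and failing open on anything else. The return-code table for zen.spamhaus.org is an assumption taken from Spamhaus's published codes and should be checked against their current documentation; the function names and the sample address 192.0.2.99 are made up for illustration.

```python
import ipaddress
import socket

# Assumption: listing codes as published by Spamhaus for ZEN (127.0.0.x).
# Answers in 127.255.255.x are service errors (e.g. query sent through a
# public resolver or rate limit hit), NOT listings.
ZEN_LISTED = {2: "SBL", 3: "SBL-CSS", 4: "XBL", 9: "SBL-DROP", 10: "PBL", 11: "PBL"}

def dnsbl_qname(ip, zone):
    """Build the query name: reversed octets (IPv4) or reversed nibbles (IPv6)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))
    else:
        labels = reversed(addr.exploded.replace(":", ""))
    return ".".join(labels) + "." + zone

def classify(answers):
    """Map the A records returned for one query to (verdict, detail)."""
    if not answers:
        return ("not_listed", [])
    hits, other = [], []
    for a in answers:
        o = [int(x) for x in a.split(".")]
        if o[:3] == [127, 0, 0] and o[3] in ZEN_LISTED:
            hits.append(ZEN_LISTED[o[3]])
        else:
            other.append(a)  # error or undocumented code: never block on it
    return ("listed", sorted(set(hits))) if hits else ("error", other)

def smtp_action(verdict):
    """Hard-block only on a real listing; fail open otherwise."""
    return "reject" if verdict == "listed" else "accept"

def lookup(ip, zone="zen.spamhaus.org"):
    """Live query (needs DNS). NXDOMAIN or resolver failure means no answers."""
    try:
        answers = socket.gethostbyname_ex(dnsbl_qname(ip, zone))[2]
    except socket.gaierror:
        answers = []
    return classify(answers)

if __name__ == "__main__":
    # Constructed answers, so this runs offline.
    for sample in (["127.0.0.2", "127.0.0.4"], ["127.255.255.254"], []):
        verdict, detail = classify(sample)
        print(sample, "->", verdict, detail, smtp_action(verdict))
```

Treating any returned A record as "listed" is a common source of blocked legitimate mail when the list operator starts answering with an error code, which is why the error branch accepts and leaves the decision to the later scoring stage.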