IADB whitelist still worthless

Posted at 6:54:31 PM in Security (4)

The IADB whitelist just passed a list of diesel engine parts as surplus inventory to my CPA client. Here's the score:

	* -0.0 RCVD_IN_IADB_OPTIN RBL: IADB: All mailing list mail is opt-in
	*      [208.75.123.201 listed in iadb.isipp.com]
	* -0.0 RCVD_IN_IADB_LISTED RBL: Participates in the IADB system
	* -0.0 RCVD_IN_IADB_VOUCHED RBL: ISIPP IADB lists as vouched-for sender
	* -0.0 RCVD_IN_IADB_SPF RBL: IADB: Sender publishes SPF record
	* -0.0 RCVD_IN_IADB_SENDERID RBL: IADB: Sender publishes Sender ID record
	* -0.0 RCVD_IN_IADB_DK RBL: IADB: Sender publishes Domain Keys record
	* -0.0 RCVD_IN_IADB_RDNS RBL: IADB: Sender has reverse DNS record
	* -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
	*      [208.75.123.201 listed in wl.mailspike.net]

On my server, I've marked all of these to a very low score to see what kind of spam actually comes through. For the most part, IADB passes junk mail. It is a paid-for whitelist that has no management or testing facilities to ensure the email from servers they whitelist is actually legit.

Written by Leonard Rogers on Thursday, October 16, 2014 | Comments (0)
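One way to measure what the post above describes, as an added example (not the author's code): parse SpamAssassin report lines in the format shown and count how often each negatively scored list rule fires on hand-labelled spam versus ham. The sample reports, their IP addresses and the BAYES_99 line are constructed; `parse_report` and `audit` are hypothetical helper names.

```python
import re
from collections import Counter

RULE = re.compile(r"^\s*\*\s+(-?\d+(?:\.\d+)?)\s+([A-Z][A-Z0-9_]*)\s+(.*)$")
DETAIL = re.compile(r"^\s*\*\s+\[(\S+) listed in (\S+)\]\s*$")

# Constructed samples in the report format shown above; labels are the
# operator's own hand classification of each message.
SPAM_REPORT = """\
\t* -0.0 RCVD_IN_IADB_VOUCHED RBL: ISIPP IADB lists as vouched-for sender
\t*      [192.0.2.10 listed in iadb.isipp.com]
\t* -0.0 RCVD_IN_IADB_SPF RBL: IADB: Sender publishes SPF record
\t* -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
\t*      [192.0.2.10 listed in wl.mailspike.net]
\t*  3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
"""
HAM_REPORT = """\
\t* -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
\t*      [198.51.100.7 listed in wl.mailspike.net]
"""
SAMPLES = [("spam", SPAM_REPORT), ("ham", HAM_REPORT)]

def parse_report(report):
    """One dict per rule hit; 'zone' comes from a following '[ip listed in zone]' line."""
    hits = []
    for line in report.splitlines():
        rule, detail = RULE.match(line), DETAIL.match(line)
        if rule:
            # Keep the sign from the text: float("-0.0") == 0.0, so "score < 0" misses it.
            hits.append({"rule": rule.group(2), "score": float(rule.group(1)),
                         "whitelisting": rule.group(1).startswith("-"), "zone": None})
        elif detail and hits:
            hits[-1]["zone"] = detail.group(2)
    return hits

def audit(labelled_reports):
    """Per whitelisting rule, count the hand-labelled spam and ham messages it fired on."""
    counts = {}
    for label, report in labelled_reports:
        for hit in parse_report(report):
            if hit["whitelisting"]:
                counts.setdefault(hit["rule"], Counter())[label] += 1
    return counts

if __name__ == "__main__":
    for rule, c in sorted(audit(SAMPLES).items()):
        print(f"{rule}: spam={c['spam']} ham={c['ham']}")
```

A rule whose spam count approaches or exceeds its ham count over a real labelled corpus is not earning a negative score.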

Stopped using URIBL_RHS_DOB as of today

Posted at 8:50:59 PM in Other (7)

Email traffic was having a hard time getting through today because the above list manager was blocking legitimate sites, such as me.com, icloud.com, microsoft.com and many, many others, claiming they were all Day Old Bread sites. Day Old Bread (DOB) is a list which is supposed to indicate what domains just became active. Supposedly, they scan registrars for domains that either moved IP addresses or just showed up on the domain list. This is because many spammers like to move their domains around so services that block IP addresses will not block their new location. Phishing expeditions usually only live at one place for about a week and then are taken down.

Using this list is beneficial when it works and, like other blacklisting services, it will run into problems that cause a high rate of false positives (emails tagged as spam when they aren't). I will probably start using the list again, but for now, until it gets fixed (they claim they have fixed it, but many disagree), it is only causing problems with the emails.

Written by Leonard Rogers on Monday, October 6, 2014 | Comments (0)