vetaltm Author
Joined: 05 Feb 2006 Posts: 748
|
Posted: Fri Jan 19, 2007 5:06 pm Post subject: |
|
|
Selecting 1-2 best DNSBL providers is not that easy. There are several things to consider when selecting DNSBL providers:
- First of all, the reliability is an opposite of coverage. The more IPs are listed in a particular DNSBL, the greater is a probability of false positives. And vice-versa, if you select several very reliable but incomplete providers, then the effectiveness of filtering spam by headers will be low.
- Selecting several providers for checking IPs always gives more hits, because the different RBLs use different criterions for blacklisting IPs.
- There are several ?white? methods in plug-in, which are used for decreasing the probability of false positives: whitelist of friendly addresses, white rules and exceptions. They are balancing the classification by preventing blocking the known good messages even if their senders are blacklisted. Also the latest version of AntispamSniper allows restoring the deleted messages. These things prevent you from losing good messages, even if you?ve selected a lot of less reliable RBL providers for checking.
- The speed of checking IPs depends on selected maximum number of hits, required for blocking a message. But the number of selected providers is less important. The providers are checked simultaneously and the plug-in stops checking RBLs for some IP when it reaches a required number of hits. For example, if you set the required number of hits to 3, then a message will be blocked immediately after receiving first 3 positive answers from any of the selected RBL providers. The rest of answers will be ignored.
The summary: select more DNSBLs for checking IPs. The plug-in will block more spam by headers in that case. There will be also false positives, but the whitelists will be filled enough for avoiding them in most cases after some period of training the plug-in. Moreover you can always restore the mistakenly deleted messages using a filtering log. |
|