I want to sign up for an RBL list, but I want one that has very few false positives -- even if they allow some spam through, I want to reject as few real messages as possible.

Does anyone have any recommendations?

What is a RBL list

RBL = Realtime Blackhole List

The only one I'd trust on it's own is the SBL (spamhaus.org). It is very precise and doesn't generally have any collateral damage.

I actually monitor our spam logs and block the worst SBL offenders at the firewall to minimize load on the mail servers.

On a whole, I run all incoming mail through 30 plus tests in a weighted configuration and weight the SBL very high since it is very accurate.

- Mike

Mike -- Do you have your configuration set up so it actually blackholes your mail, or simply affixes a warning?

Also -- didn't I read somewhere that all of your checks are on Windows servers? Or was that somewhere else.

Never mind, that was a dumb question of course it kills it. Thanks for the recommendation, I added the SBL to my mail server and got it rejecting within 4 minutes, very cool :).

Thanks for the recommendation.

For the mostpart I use two actions -- adding "SPAM" to the subject line when mail fails 3 or so tests, and then I delete when it fails numerous tests. I don't bounce much due to the added load on the mail servers and the fact that most mail that fails enough tests to bounce will have a ficticious reply-to address anyway. I monitor logs on a daily basis to confirm that no legitimate is being caught and adjust weights / which tests are run as needed.

Numerous SBL hits will earn them a block at the firewall as well (Generally ROKSO type spammers)

- Mike

Any statistics on the amount of positives blocked by mistake? I am always skeptical due to the fact that collateral damage is high. For example, the last time I tried it, my own users can't even send mail as their ISPs are blacklisted.

I haven't had a single customer complaint in months, and I have the ability to provide customers with a personal whitelist when they do report false positives (txt file they can easily access via ftp). The filtering software also provides extensive logging, so I can monitor effectiveness on a daily basis as well as tracking any reported false positives.

I've carefully taylored the tests so that only numerous failures will delete mail, which has proven very effective. I monitor logs on a daily basis to ensure legitimate mail is not being caught. I am now running all mail against a total of 91 tests, so I have quite a bit of flexibility to ensure that I'm only catching actual spam. Taking action based only on a single RBL is much more likely to catch false positives.

- Mike

Sorry about opening an old thread.

We run two now. One that has yet to generate a complaint about false-positives is www.ordb.org. Doesn't block a lot, but it works.

The other one we now use is www.spamcop.net. This is by far the biggest blocker. But it does generate FPs. But you can open those IPs up if you choose. To give you an idea of how much it blocks, one server with 300 sites -

grep -c spamcop.net /var/log/maillog
9462

Logs rotated three days ago.