That depends on how you do the blocking. If you accept the entire mail before checking the source, then yes; you're wasting bandwidth. Fortunately, my mail server validates the source before accepting the "DATA" command. By this time, I have all I need to validate the source. Once that is satisfied, I can start searching for keywords in the mail body. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! On Wed, 2 Jun 2004 19:47:40 -0500 "Thomas W Shinder" <tshinder@xxxxxxxxxxx> wrote: http://www.ISAserver.org Hi Anthony, But you do have false postives with RBLs. You block an entire server or domain without performing due diligence. Critical mail may come from that server and you're not even aware that you missed it because it was blocked "en bloc". Also, the RBL does nothing to reduce Internet bandwidth usage, because the mail still arrives on your public link. Thanks! Tom -----Original Message----- From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx] Sent: Wednesday, June 02, 2004 7:35 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: OT: Why Friends Don't Let Friends use RBLs http://www.ISAserver.org Bayesian filtering is still to "iffy" for my liking. There is a greater risk of "false positives" and the dynamic's of spam change frequently enough to avoid filtering (for periods of time). Finding a few good quality ORDB's has meant that I'm blocking ~35% of all email's - spam still gets through, but its significantly lower and there is no chance of a 'false positive'. To compensate for known clients having a listing on one or more of the ORDB's, we white list all known correspondence with a dump from the CRM product we use (automating this is a 'to-do'). As we initiate new business, we send the first email, its in our database (or should be if staff follow correct procedure) so its white listed. Nothing important is blocked. Show me a Bayesian filter with a proven track record of no false positives and I may think about looking at it - but I probably won't - the system I'm using ain't broke, so I'm not going to fix it :) Anthony. > -----Original Message----- > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > Sent: Thursday, 3 June 2004 10:16 > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OT: Why Friends Don't Let Friends use RBLs > > > http://www.ISAserver.org > > Hi Anthony, > > How does your use of an RBL on your network reduce overall bandwidth > utilization on the Internet link? How are they superior to a good > Bayesian filter? > > Thanks! > Tom > > -----Original Message----- > From: Anthony Michaud [mailto:anthonym@xxxxxxxxxxxxxx] > Sent: Wednesday, June 02, 2004 7:11 PM > To: [ISAserver.org Discussion List] > Subject: [isalist] RE: OT: Why Friends Don't Let Friends use RBLs > > http://www.ISAserver.org > > > > > -----Original Message----- > > From: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] > > Sent: Wednesday, 2 June 2004 11:22 > > To: [ISAserver.org Discussion List] > > Subject: [isalist] OT: Why Friends Don't Let Friends use RBLs > > > ~~~~~~~~~~~ Clip from Fred Langa Newsletter ~~~~~~~~~~~~~~ Kennedy > > Space Center Blacklisted I won't bore you with the rationale of why > > broad-brush "blacklist" tools are bogus--- I've covered the > inherent > > flaws in this approach many times before. ( > http://langa.com/u/4v.htm > > ) But I admit to a perverse pleasure in emails like this, > which show > > just how utterly stupid SPEWS, MAPS, SpamCop and the rest > really are: > > > > Three times this year all of the e-mail from Kennedy Space > Center was > > blocked by our county's largest broadband ISP (RoadRunner). > They have > > done so because of a large quantity of mail coming from a > single user > > > or because one or more of the following third party spam > > *snippage* > > I love these rants. Who I accept email from is *my* choice, based on > the lattitude that I have been given in my role. If your company has > sent unsolicited emails, I don't want 'em. If your ISP has done it, > or a customer of the ISP's - the ISP needs to be contacted by you and > the ISP fix it. I use dynamic RBL's, that have a quick turnaround on > removal of blocks, so when your mail system is secure again, then you > can talk to me. Don't fix it, then get on the phone or fax. > > Its *my* mailserver. Its *my* bandwidth. Its not free and the > spammers / virus writers aren't paying for the bandwidth they waste. > > I just love those that think they have a god given right to send email > - which is not the case. > > Anthony. > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network > Security > Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: > http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit > http://www.webelists.com/cgi/lyris.pl?enter=isalist > > > > ------------------------------------------------------ > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > ------------------------------------------------------ > Other Internet Software Marketing Sites: > World of Windows Networking: http://www.windowsnetworking.com Leading > Network Software Directory: http://www.serverfiles.com > No.1 Exchange Server Resource Site: http://www.msexchange.org Windows > Security Resource Site: http://www.windowsecurity.com/ Network > Security Library: http://www.secinf.net/ Windows 2000/NT Fax > Solutions: http://www.ntfaxfaq.com > ------------------------------------------------------ > You are currently subscribed to this ISAserver.org Discussion List as: > anthonym@xxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tshinder@xxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist