public blacklists

[Paul Howarth]

Ow Mun Heng wrote:
> On Thu, 2004-12-09 at 19:15, Paul Howarth wrote:
> 
>>Ow Mun Heng wrote:
>>
>>>On Thu, 2004-12-09 at 02:54, Scot L. Harris wrote:
>>>
>>>>The SURBL option examines the URLs in the spam messages and checks
>>>>various block lists.  If they show up on the block list the score is
>>>>increased appropriately.  
>>>
>>>I was just asking that question. Thanks for clearing that up. So,
>>>effectively, it's just another form of greylisting then.
>>
>>No, greylisting is a completely different thing. Greylisting ensures that the 
>>sending server is a proper MTA that retries when it sees a temporary failure 
>>during a delivery attempt. Most spamware does not do this, hence greylisting 
>>stops lots of spam. SURBL is looking at the message body after delivery and 
>>scoring it as likely to be spam or not based on the URLs found there. Two 
>>completely different things.
> 
> 
> In that case, in some cases, eg: if one runs their own mail-server,
> grey-listing seems to be a better option compared to spamassassin, even
> when using SURBL.
> 
> Reason being, greylisting stops it at the MTA level, spamassassin only
> tracks it once it's already in the system.

Yes, though spamassassin can be tied closely to the MTA so that the MTA 
rejects the mail at the end of the SMTP transaction (DATA phase), which at 
least prevents delivery to the local user. Greylisting works before the DATA 
phase and is therefore more efficient bandwidth-wise.

Paul.