SpamTips.org occasionally looks at the results of Spamassassin’s nightly masscheck at RuleQA in order to analyze the performance and safety of add-on DNSBL’s.  It is vitally important to know how a DNSBL is performing before adding it to your Spamassassin custom rules.  Our analysis demonstrates that raw detection numbers alone can be misleading, as ham safety ratings and overlaps with other rules must be taken into consideration before you decide to use a particular add-on rule.

Today’s report shows some big changes since our previous report from January 2011 where some previously good rules have turned bad. Examined below are Hostkarma, SpamEatingMonkey, Tiopan, UCEProtect, Mailspike, Nix Spam and Lashback UBL.  Recommended scores below are what I personally use in production.

UPDATE: See the latest DNSBL Safety Report for current recommendations.

SpamTips.org occasionally looks at the results of Spamassassin’s nightly masscheck at RuleQA in order to analyze the performance and safety of add-on DNSBL’s. It is vitally important to know how a DNSBL is performing before deciding if it is a good idea to use it.  Many of the below DNSBL’s were tested because they indicated strong performance in other comparisons. Our analysis demonstrates that raw detection numbers can be misleading, as ham safety ratings and overlaps with other rules must be taken into consideration.

Today’s report examines Hostkarma, SpamEatingMonkey, Tiopan, UCEProtect, Mailspike, and Nix Spam and Lashback UBL.  Recommended scores below are what I personally use in production.

If you operate a legitimate mail server, please file a request to have your IP address listed at DNSWL.org. If your buddy’s MTA IP address is not listed, suggest that they get themselves listed.  DNSWL is useful for multiple purposes like:

• Spamassassin adds a negative score if the sending IP address is listed in DNSWL. This can be both good and bad in different ways, but recent measures indicate that it makes almost no difference to spamassassin’s determination. This is because spamassassin is carefully balanced, and DNSWL is rarely wrong.  If you do see cases where DNSWL is wrong, please report it.
• Some major servers use DNSWL as a means to avoid greylisting for “known good” IP addresses. This eliminates delays during delivery of mail from your server.
• Some DNSBL’s use DNSWL as additional input in their reputation decision.  Not exactly a “stay out of DNSBL” pass but it does help, assuming you really are not sending spam.

UPDATE: See the latest DNSBL Safety Report for current recommendations.

This blog will occasionally look at the weekly DNSBL masscheck statistics.  Our measures indicate that the performance and safety of the smaller DNSBL’s can vary wildly from month to month.  If you depend on DNSBL’s, you should pay attention to these safety reports in order to protect your users from the likelihood of false positives and losing mail to the spam folder.  This should help you as a SpamAssassin sysadmin to decide which add-on DNSBL’s to use, and what score to assign with the goal of maximizing spam filter safety.

Here is a quick look at the safety and efficacy of a few add-on and existing DNSBL’s for SpamAssassin.  Today’s report looks into Hostkarma, Spam Eating Monkey, Tiopan, MailSpike, NiX Spam and PSBL.