Subscribe to RSS News Feed About Spamhaus  |  Press Office  |  FAQs

Tweet Follow @spamhaus

Block 99.4% of spam using only Spamhaus’s blocklists and SpamAssassin 2019-03-22 15:20:00 UTC   |   by Milly Fawcett   |   Category:  security

Recent News Articles Poor sending practices trigger a tidal wave of informational listings Spamhaus Botnet Threat Update: Q4-2021 SERVICE UPDATE | Spamhaus DNSBL users who query via Cloudflare DNS need to make changes to email set-up Spamhaus Botnet Threat Update: Q3-2021 Spammer Abuse of Free Google Services Spamhaus Botnet Threat Update: Q2-2021 Emotet Email Aftermath Wordpress compromises: What's beyond the URL? Older News Articles: Spamhaus News INDEX

In Virus Bulletin’s recent VBSpam Test, Spamhaus’s data blocked 99.43% of spam with 0.02% false positives. That’s pretty impressive, but what’s changed between Dec 2018 and Mar 2019 to send Spamhaus’s block lists up the leader board? Maximizing Performance Formula 1 teams spend months fine-tuning their racing cars to maximize speed and handling capabilities. They understand the complexities and nuances of their individual cars and tune them accordingly. While we are not likening the Spamhaus team to Ferrari (although the speed at which some of our team move when the word “beer” is mentioned, is pretty pacy) we are drawing a parallel: The Spamhaus team know their data-sets better than anyone, so who better to fine tune SpamAssassin rules to maximize the performance of Spamhaus's block lists within SpamAssassin? We don’t want to teach you to suck eggs… If you’re reading this, it’s highly likely that you understand what role SpamAssassin plays in the email delivery infrastructure, in which case we recommend you skip to “What’s changed?” However, for those of you reading this who are new to the world of blocking spam email here’s a quick introduction: A basic lesson in blocking spam There are 2 layers of defense when it comes to blocking spam email. The first is at the Simple Mail Transfer Protocol (SMTP) layer. Here, several checks can take place including the examination of the connecting Internet Protocol (IP) address and the connecting domain. The domain can be checked at three stages: The HELO/EHLO parameter The sender’s envelope address The reverse Domain Name System (DNS) record of the connecting IP As shown by the other "classic" VBSpam tests using our data, the percentage of spam caught at the SMTP stage is between 97% and 98%; however, neither the content of the email header or message body are inspected; in fact the SMTP transaction is normally terminated with an immediate rejection before the message is actually transmitted. Inspection of content happens at the next step after message acceptance, and more often than not is undertaken by SpamAssassin. Supported by the Apache Foundation, SpamAssassin is a widely used, open-source (i.e.free), intelligent email filter used to identify spam. It is utilized in one of the following ways: As a standalone application As a subprogram of another application e.g. SA-Exim, MailScanner, Amavis, etc. As a client (spamc) that communicates with a daemon (spamd) Users of SpamAssassin can employ block lists from various sources, including Spamhaus. The data from the email header and contents is checked against the data in the block lists and scored to determine whether it should be considered as spam, or not. What’s changed? Until recently those using SpamAssassin and Spamhaus’s block lists had to rely on the programme’s default configuration, or, manually change SpamAssassin’s configuration based on what the user believed to be the best settings. Now, users no longer have to rely on intuition or the defaults: we have created settings to maximize the effectiveness of our block lists. We’ve introduced new analysis for the headers and tweaked both the rules and weighted scoring. With these simple changes, you can achieve very similar results to those obtained using an expensive mail filter product, all for the cost of a subscription to Spamhaus’s Block lists via the Data Query Service (DQS). How do I get my hands on these recommended settings? Firstly, it’s worth noting that this will only work for subscribers to the Spamhaus DQS. Additionally, you need access to all our block lists, i.e., Spamhaus’s Domain Policy Block List (DBL), Zero Reputation Domain (ZRD) and Spamhaus’s ZEN service, which includes the Spamhaus Block List (SBL), the Exploits Block List (XBL) and the Policy Block List (PBL). With all the above in place just go to https://docs.spamhaustech.com/ and find ‘Data Query Service using SpamAssassin’ or click here, and download the instructions and Spamhaus's SpamAssassin add-on. Naturally, if you are using a subprogram with SpamAssassin you will need to amend accordingly. Why wouldn’t you want to maximize the capabilities? N.B. The VBSpam results refer to the test configuration where Spamhaus's data-sets were the only ones used: lookups to all other services supplying data were disabled. This was our choice, to keep under observation how far we can go "all alone". SpamAssassin users will get better results, particularly in the malware and phishing areas, by turning on services that deeply analyse mail contents such as the ClamAV open source anti-malware engine. The Spamhaus DQS in conjunction with an anti-malware engine would bring the overall scoring to the level of vastly more expensive mail filter products.

Spamhaus Information Press Office Spamhaus News Index Spamhaus in the media About Spamhaus Spamhaus Official Statements

Article Information Permanent link to this news article: Block 99.4% of spam using only Spamhaus’s blocklists and SpamAssassin http://www.spamhaus.org/news/article/782/block-99.4-of-spam-using-only-spamhauss-blocklists-and-spamassassin Subscribe to RSS News Feed

Spamhaus News Quotes Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.

© 1998-2023 The Spamhaus Project SLU. All rights reserved. Legal  |  Privacy