JohnCrowley
06-22-2003, 07:51 PM
What do other hosts think about the Spamhaus SBL list and using it to block emails at the mailserver level? We use all kinds of tools and software for spam protection for clients, but have found that the SBL by Spamhaus seems to be the most conservative and only blocks the really hardcore spamming networks, and does not have any false positives that block out legit emails. Using it on a test server seems to block 25% of all spam received, which is quite a good percentage.
Thanks for any feedback on this issue.
- John C.
JohnCrowley
06-24-2003, 01:47 PM
Well, I'll post a follow-up. After a few days, 25-30% of all spam received is being blocked at the MTA level, and we have not seen any legit email get blocked... Any other opinions / thoughts on this RBL and its effectiveness?
- John C.
WH-Coach
06-24-2003, 03:04 PM
I think the reason you're having a hard time getting responses is because there has been a lot of discussion about the matter of blocklists over the last couple of weeks and people are just talked out.
Ultimately the decision to use a blocklist is a matter of your personal tolerance (both for errors and for spam) and your customer demands. There is no silver spam bullet and some solutions are more appropriate than others. The Spamhaus RBL is generally well-maintained, but there is doubtless at least one legit email somewhere in the world that was blocked by it as well.
JohnCrowley
06-24-2003, 03:08 PM
Coach,
Thanks for the feedback. I agree there is no silver bullet, and using a word like "spews" in any post can cause bad blood, but wanted to see others' thoughts on Spamhaus. I've done serious searching here, and have not seen a decent discussion on just the Spamhaus SBL, which is why I posted.
I'm sure it's not a perfect list, but if they are a well balanced list, then it can work well in most circumstances.
- John C.
If you can, I would not rely on any single list. They all have their faults or false negatives. But if you combine lists, or take a list and some other profile behavior like improper HELO, no MX record, non-existing domain, etc., it will work much more effectively.
CHet
SROHost
06-24-2003, 07:51 PM
I also use multiple, smaller and more selective (single IP and open relay) lists rather than the larger lists. The problem with this is you can end up seriously slowing down your mail server's responsiveness when you're doing multiple remote lookups for every SMTP connection.
A better solution is to write a script to download the RBLs every day or so and combine them into your own local, aggregate list.
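
An added example, not part of the thread or any poster's code: one way to build the local aggregate list suggested above, so each SMTP connection is checked in memory instead of with several remote lookups. The feed names, the one-IP-or-CIDR-per-line format and the sample entries (documentation-range addresses) are assumptions constructed for illustration; the daily download step is left out so the block runs offline.

```python
import ipaddress

# Constructed sample feeds standing in for list files fetched by a daily job.
# Assumed format: one IP or CIDR per line, '#' starts a comment.
FEEDS = {
    "list_a": """# constructed sample
192.0.2.0/25
198.51.100.7
""",
    "list_b": """192.0.2.128/25   # adjacent to list_a's block
198.51.100.7
203.0.113.0/24
not-an-address
""",
}

def parse_feed(text):
    """Yield networks from one feed, skipping comments and malformed lines."""
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            yield ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # one bad line must not break the whole nightly build

def build_aggregate(feeds):
    """Merge all feeds into a minimal, de-duplicated list of networks."""
    nets = [n for text in feeds.values() for n in parse_feed(text)]
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed IP versions
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def is_listed(ip, aggregate):
    """Local check for a connecting IP; no DNS query is made."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in aggregate)

def listing_sources(ip, feeds):
    """Names of the feeds that list ip, for tracing a false-positive report."""
    addr = ipaddress.ip_address(ip)
    return sorted(name for name, text in feeds.items()
                  if any(addr in net for net in parse_feed(text)))

if __name__ == "__main__":
    aggregate = build_aggregate(FEEDS)
    print([str(n) for n in aggregate])
    print(is_listed("192.0.2.200", aggregate), listing_sources("192.0.2.200", FEEDS))
```

Keeping the per-feed lookup alongside the merged list matters for the false-positive concern raised earlier in the thread: when a legitimate sender is rejected, it shows which upstream list caused it.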