nanog mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Spamhaus ...

From: Joel M Snyder <Joel.Snyder () Opus1 COM>
Date: Wed, 17 Feb 2010 18:33:00 -0700
Matthew Black wrote:
>When we licensed Spamhaus a few years back, they required us to set-up a DNS 
>slave server instead of querying against their public server. They had a
>special DNS client that allowed partial zone updates. Turns out we
>downloaded huge hourly updates.
This is no longer necessary. You can either run your own server (zone transfer-ish) or you can query their servers. When you pay your fee, you get a magic code which you insert in the DNS query, and this lets them know who you are.
I second the assertion that others have already made that this is worth the money. We do spam testing, and I can more-or-less guarantee that Spamhaus beats all of the free reputation services (and a number of the for-pay ones) hands-down in its ability to block spam and the incredibly low number of false positives.
In case you are interested in more on the topic, I did write a white paper (ob.disc.:Cisco gave me money to write up the white paper based on data I have been collecting for years) on reputation services. 

John Levine wrote:

> > We no longer use Spamhaus, relying instead upon Sender Base Reputation
> >Scores (IronPort).

>How does the price compare?
Well, depending on how you look at it, either horribly or beautifully. You can't buy SenderBase by itself; you get it with an Ironport anti-spam appliance. So if you were going to buy Ironport anyway, the price is "free" which makes it cheaper than Spamhaus. On the other hand, if you just want SenderBase, it'd be a very expensive way to get only the reputation filtering.
In general, like many of the big-name anti-spam products, the reputation service is part-and-parcel of the product and can't really be separated out. In fact, with Ironport, they use the reputation service in two ways: one is to block connections in the first place, and the second way is to bias results of their content filter for connections which are accepted. Since their scores are -10 to +10, there's considerable leeway to use the information as part of their anti-spam cocktail beyond simple "go/no-go" of a typical reputation service. 

jms


--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
jms () Opus1 COM                http://www.opus1.com/jms
Previous By Date Next
Previous By Thread Next

Current thread: