Support for Real Time Black Lists in Mozilla Mail

SpamMozilla Mail has made some excellent strides in the fight against unwanted mail (SPAM). Particularly with regards to the Bayesian junk mail controls. This technique is extremely effective when the user trains the junk algorithms with postive and negative data. We would like to push the SPAM work even further by adding support for real time black lists to Mozilla Thunderbird Mail. RBLs work a differently than the bayesian junk controls. An RBL is a list of 'known' SMTP servers notorious for sending SPAM. When the user receives a message, we can look at the IP address of the originating SMTP server, and look it up in a black list. One of the advantages of RBLs is that they don't require any work from the user. There is no training involved. In addition, the lists are 'live' and evolve over time as more sites are identified as senders of SPAM.

Read the Support for Real Time Black Lists spec.


July 07, 2003 12:14 PM | Posted in Mozilla

Ads:

Back Next

6 Comments

RBLs may not be such a great idea. First off, many mark off an entire block of IPs instead of just an individual IP.

Secondly, if you get on the list for whatever reason (ignorance or whatever), the RBL owners are less than helpful in helping you get off.

While they sound great, RBLs are an equivalent of taking a fly out with a Tomahawk missile.

Comment by frizzo at July 7, 2003 04:59 PM | Permalink

The current junk mail filters are good, however the UI and behavior of the junk filter is not that good, yet

I know much work is begin done on how to improve this feature. There are several bugs filed with RFEs to make junk mail more effective and more logic in it's actions.

Like right now, the junk filter is run AFTER all messages are downloaded from the server... This is not very logic since users would normally begin browsing mails right after each message is downloaded. It would therefore make more sense to check for junk after EACH message is downloaded.

Of course there is also the fact that junk mail triggers the mail-notification, but that bug is being worked hard on.

I do however like how Thunderbird is much improving in the ways of handling junk, like you can now select not to allow HTML or loading of remote images if a mail is junk.

Thunderbird is the future, I just wish there were more developers on it, and that they would listen to MY requests :)

Comment by Tom Sommer at July 7, 2003 10:47 PM | Permalink

Here's an example of what happens with IP blacklists: Boston diaries IP change http://boston.conman.org/2003/06/23.1 In short, Sean Conner, the author of Boston diaries got a new server and a new IP. The IP had been previously used by a spammer and that had ended in a blacklist.

Blacklists do not help stop spam. Spammers can get new IP's as easily as switching ISPs. It's the people who get the IPs left over by spammers that are hurt.

Site icon Comment by Juha-Mikko at July 8, 2003 10:21 AM | Permalink

I use RBL blocking with MailWasher and this has worked for me beter than Bayesian filtering (no false positives yet). I haven't tried the Mozilla Mail bayesian filtering yet.

It would be nice to be able to put junk message that are not filtered by both the bayes and RBL filters in a different directory (MaybeJunk).

The Lookup takes quite a bit of time (in MailWasher at least). Here are a few ideas to speed it up:
1. Use some filtering to disable performing the lookup for some mails. For instance I get tens of mailist messages that never have SPAM in them.
2. Store the RBL lists localy and use some CVS-like update with diff files to update them.

Another idea - you can maintain your own RBL that is updated by the users(that wish to participate). If many users mark messages originating from the same IP as junk - the IP is blacklisted. If many users unmark some messages from a blacklisted IP - this IP is removed from the blacklist.

BTW, does any of the plugin developers read this blog?

Comment by geleto at August 20, 2003 02:52 PM | Permalink

RBL's absolutely DO work and they work incredibly well. I used mozilla's bayesian feature for a couple of months and "trained" it as such filters must be trained and while it reduced my spam from about 50 to about 10 a day it did not eliminate them - and I got a few false positive a day. So I turned off bayesian filtering and started using spampal and configured it to check half a dozen RBLs and my spam problem just went away. Anyone who says RBL don't work is probably in love with the elegance of learning systems like bayesian filters - and not without reason, but the simple fact is RBL work and they work well.

Comment by anonymous coward at January 13, 2004 07:21 AM | Permalink

Just one question.

why doesn't the ISP mailserver stop obvious untracable spam email ( that which has no dnr as noted in sam spade on a trace)
are they just lazy, or are they part of the problem?

Comment by PS at January 16, 2005 07:14 PM | Permalink

Post a comment




Remember Me?




Please enter the security code you see here

.
You're here: Home - Support for Real Time Black Lists in Mozilla Mail
Get the Mozilla Firefox browser