This question doesn't pertain specifically to Exchange, more to the blog. Whilst looking at a spam issue for a customer I came accross this blacklist: http://v4bl.org/ at the top of their website they have the tag-line: You had me at EHLO. I'm wondering if this site has any relationship with the Exchange Team blog site, whether they are trying to imply a relationship, or if it is just co-incedence? I am always wary of any entity who are not completely honest. Thanks for any thoughts.

I never heard of this site before, I suggest you don't worry about it. If you want to check Black listing than go to www.mxtoolbox.com Are you facing any issue?Gulab Prasad, gulab@exchangeranger.com My Blog | Z-Hire Employee Provisioning App

Hi Gulab, The site does provide a blacklist, how much it is used i don't know but it does claim to be one of the biggest. As far as checking blacklists i find http://multirbl.valli.org/lookup/ is more thorough than mxtoolbox which is where I found my customers' entry on v4bl. I'm not facing an insurmountable, just interested about how valid that blacklist is. Thanks.

On Fri, 4 Jan 2013 10:47:24 +0000, IainZ wrote: >This question doesn't pertain specifically to Exchange, more to the blog. > >Whilst looking at a spam issue for a customer I came accross this blacklist: http://v4bl.org/ at the top of their website they have the tag-line: You had me at EHLO. > >I'm wondering if this site has any relationship with the Exchange Team blog site, It does not. >whether they are trying to imply a relationship, or if it is just co-incedence? I'd say it's a coincidence. "You had me at hello" is a common phrase and clever people just substituted HELO for "hello" and then "EHLO" to avoid the confusion of misspelling. Right, Andy? :-) >I am always wary of any entity who are not completely honest. If you're happy with their policy (in the "Some Typical Reasons We List IPs:" link) then you can use them. I wouldn't. I don't agree with their published policy. But, really, if they're only "93.2% as effective as SpamhausZEN and 87.2% as effective as BarracudaCentral", why not use those lists instead? --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

On Fri, 4 Jan 2013 14:42:59 +0000, IainZ wrote: >The site does provide a blacklist, how much it is used i don't know but it does claim to be one of the biggest. "Biggest" != "Most Effective". It also doesn't imply "most used". They're basing their claim in the number of IP addresses listed. :-) >As far as checking blacklists i find http://multirbl.valli.org/lookup/ is more thorough than mxtoolbox which is where I found my customers' entry on v4bl. So, for which if the reasons listed on that sites web page is your client listed? Fix the problem and get delisted. >I'm not facing an insurmountable, just interested about how valid that blacklist is. All DNSBLs are "valid" if you agree with their policies. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

But, really, if they're only "93.2% as effective as SpamhausZEN and87.2% as effective as BarracudaCentral", why not use those lists instead? Your logic here seems to imply that one is a subset of the other - that is: 100% of V4BL is contained within 93.2% of SpamhauseZEN. & 100% of v4BL is contained within 87.2% of BarracudaCentral. This does not seem logical, as then one could also assume that since BarracudaCentral appears larger than SpamhausZEN, then: 100% of SpamhausZEN is contained within BarracudaCentral. Why use SpamhausZEN then (also)? As you can see, those numbers are just hit scores and the best practice is to use multiple lists because they are NOT subsets of each other.

On Sun, 6 Jan 2013 21:08:25 +0000, v4BL wrote: >But, really, if they're only "93.2% as effective as SpamhausZEN and87.2% as effective as BarracudaCentral", why not use those lists instead? > >Your logic here seems to imply that one is a subset of the other - that is: > >100% of V4BL is contained within 93.2% of SpamhauseZEN. & 100% of v4BL is contained within 87.2% of BarracudaCentral. I'm just repeating what the operators of the site posted. It's not _my_ logic at all. >This does not seem logical, as then one could also assume that since BarracudaCentral appears larger than SpamhausZEN, then: >100% of SpamhausZEN is contained within BarracudaCentral. > >Why use SpamhausZEN then (also)? > >As you can see, those numbers are just hit scores Which is the measure of effectiveness by DNSBL standards. The number of IP address in the DNSBL is meaningless, except to the sites mistakenly identified as misbehaving. >and the best practice is to use multiple lists because they are NOT subsets of each other. The "best practice" for DNSBLs is not to use them. They don't identify spam, just the sources of "something" that the operators of the DNSBL decide. I'd much rather use a well run reputation server that returned a relative ranking of the IP addresses. Applying that ranking to the overall "spam score" is a much better idea. If the ranking sinks below a certain level, refuse the connection. You won't mistakenly shut down e-mail from a business partner that way unless they don't maintain a good reputation --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

I'd much rather use a well run reputation server that returned a relative ranking of the IP addresses. Applying that ranking to the overall "spam score" is a much better idea. Isn't that what RBLs (like Spamhaus, Barracuda) do? (please clarify your definition of "reputation server") You say "The "best practice" for DNSBLs is not to use them." and then seem to say that is what you would rather do.

On Sun, 6 Jan 2013 23:28:01 +0000, v4BL wrote: >I'd much rather use a well run reputation server that returned a relative ranking of the IP addresses. Applying that ranking to the overall "spam score" is a much better idea. > >Isn't that what RBLs (like Spamhaus, Barracuda) do? They do not. They return only an IP address that defines in which list the address is listed. >(please clarify your definition of "reputation server") One that returns a value relative to the trustworthiness of the sending IP address. Think of as something similar to a credit score. >You say "The "best practice" for DNSBLs is not to use them." and then seem to say that is what you would rather do. Really? I don't think "a well run reputation server" (which is what I said) is anything like a DNSBL except they both might use DNS as a basis for answering a question. http://www.trustedsource.com/ http://www.senderbase.org --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Thank you all for some food for thought. I just want to clarify what I meant by 'Valid', in this context I mean a provider that is impartial and whos' aim is to provide quality data for the purposes of mail server operators to make an informed decision, and whos' aim is not simply to make money out of delisting. Also a provider that if ignored could have a noticeable impact on mail delivery. Rich, I am interested in how turstedsource and senderbase are used, are you suggesting that these be used to manually check the reputation of a specific host or hosts? My understanding is that is only how they can be used, but blacklists (such as Spamhaus or Spamcop) are/can be used to dynamically find out info on a senders hosts during the receiving of each email. If I have missed something please let me know. v4BL, are you affiliated with the above mentioned site? I am assuming you are because of your username. Thank you.

"v4BL, are you affiliated with the above mentioned site?" If by that you mean "v4BL.org", yes - one and the same. If you mean "Exchange Team blog site", no - the "You had me at EHLO" was coincidental. It is a spin from a 1996 movie ("Jerry Maguire") quote.

To be clear: V4BL does not charge, and has never charged, for delisting.

On Mon, 7 Jan 2013 10:30:28 +0000, IainZ wrote: > > >Thank you all for some food for thought. > >I just want to clarify what I meant by 'Valid', in this context I mean a provider that is impartial and whos' aim is to provide quality data for the purposes of mail server operators to make an informed decision, and whos' aim is not simply to make money out of delisting. Also a provider that if ignored could have a noticeable impact on mail delivery. > >Rich, I am interested in how turstedsource and senderbase are used, TrustedSouce is used by the OEMs code. It's subscription-based and not open for use by just anyone. I expect the senderbase is the same. >are you suggesting that these be used to manually check the reputation of a specific host or hosts? No. I'm suggesting that the spam filters that depend on the use of DNSBLs are holdovers from the 1990's and early 2000's. >My understanding is that is only how they can be used, but blacklists (such as Spamhaus or Spamcop) are/can be used to dynamically find out info on a senders hosts during the receiving of each email. If I have missed something please let me know. If you depend on the spam-filtering delivered with Exchange you pretty much get the use of MS's IP reputation server. If you use FPE and the Cloudmark engine you get much better results (at a cost, of course). But if you need better control over what's being tagged as spam then you really need to step away from MS and have a look at other vendrs. >v4BL, are you affiliated with the above mentioned site? I am assuming you are because of your username. I'm guessing "yes" based on the comments made by that person. Whenever a DNSBL is disparaged the operator usually pipes up and defends the service. --- Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP

Hi, v4bl is like SORBS and Apews, they list IP blocks, don't rely on them ! Spamhaus and Barracuda are far more effective because : 1- False positives are very rare 2- Constructive dialogue is possible when you inherit an IP blacklisted by a previous owner. One of my IP's is currently blacklisted by V4BL. However, I never sent emails through this IP ! It is impossible to get delisted because v4BL is always considering that the domain name configured as rDNS is"disposable". Obviously, it is not the case at all ! I have been using this domain name for 6 years to send newsletters to my own list of customers ! Needless to discuss with them, juste ignore them... In other words : If you don't want spams, use SpamHaus. If you don't want emails (spams or legitimate), use v4BL. Franck, delivrability expert of a French e-Marketing Company.

In other words : If you don't want spams, use SpamHaus. If you don't want emails (spams or legitimate), use v4BL. Well put, Oxemis. V4BL are a joke. One of my clients had an infected workstation that damaged their IP reputation. After resolving the issue, most blocklists had cleared the IP within 24 hours. Two weeks later, V4BL still refused to delist it. Contacting them got me nowhere. In the end, it didn't matter because no one uses their list. My client has had no problem sending email. I just like a clean report when I run an IP check, but I can ignore V4BL in my results.

Extract from cbl.abuseat.org/faq.html : V4BL brags about having several hundred million IP addresses in its list. It appears evident that V4BL essentially lists _any_ IP address that ever sent a spam and never removes them. Everybody leaks. To suggest otherwise is ridiculous. As should be obvious, the false positive rate is absurdly high. It may be useful in some situations with scoring algorithms, but we otherwise do NOT recommend using this DNSBL. Nothing more to add !