Originally Posted by
mixture
If you made it into Spamhaus then its pretty much guaranteed you were really sending out spam. Spamhaus are very well respected and have an incredibly low false-positive rate (infact I've seen no false-positives caused by Spamhaus, and that's on various busy mail servers where a Spamhaus data feed subscription is in place). They take their work very seriously and as far as possible they aim manually review anything that's borderline before it gets into their database.
The only exception to that is if you were on the one specific Spamhaus feed that is a list of ISP broadband connections which is used as a guidance list to flag up possibly suspicious mails, rather than a specific spam filtering list.
SORBS are not bad either, they've been around a while but Spamhaus beats most lists heads down for quality and low-false positives.
But I digress, enough about spam filtering lists, good to hear you did the right thing and re-installed from scratch.
Spamhaus is 'alright', but certainly not as high as you claim. I have to clean false-positives from them roughly once every quarter. They are better than Sorbs though. Uceprotect is another good one. My filters are set to check 10 of the top RBLs and discard if there's 2 or more hits anyway. Spamassassin deals with the rest. (you can see what I spend a large amount of my time doing).
Anyone wanting to check themselves out could do worse than checking with
Multi-RBL Check | The Anti-Abuse Project
Originally Posted by
cockney steve
Today, I had "HMRC. NO REPLAY "
Yep, they got the last bit right!
This one started last Thursday, and we had a few hits. I wrote a custom rule to get rid of them but within an hour they were in the RBLs and Spamassassin updates.
FWIW, I think on Thursday a major botnet was halted, as we saw a dramatic reduction in spam (like 75% down). We've seen a lot less spam in January than we did in Nov/Dec anyway.