Spamhaus ...

Joel M Snyder Joel.Snyder at Opus1.COM
Thu Feb 18 01:33:00 UTC 2010 

Matthew Black wrote:
 >When we licensed Spamhaus a few years back, they required us to set-up 
a DNS
 >slave server instead of querying against their public server. They had a
 >special DNS client that allowed partial zone updates. Turns out we
 >downloaded huge hourly updates.

This is no longer necessary.  You can either run your own server (zone 
transfer-ish) or you can query their servers.  When you pay your fee, 
you get a magic code which you insert in the DNS query, and this lets 
them know who you are.

I second the assertion that others have already made that this is worth 
the money.  We do spam testing, and I can more-or-less guarantee that 
Spamhaus beats all of the free reputation services (and a number of the 
for-pay ones) hands-down in its ability to block spam and the incredibly 
low number of false positives.

In case you are interested in more on the topic, I did write a white 
paper (ob.disc.:Cisco gave me money to write up the white paper based on 
data I have been collecting for years) on reputation services.

John Levine wrote:

 > > We no longer use Spamhaus, relying instead upon Sender Base Reputation
 > >Scores (IronPort).

 >How does the price compare?

Well, depending on how you look at it, either horribly or beautifully. 
You can't buy SenderBase by itself; you get it with an Ironport 
anti-spam appliance.  So if you were going to buy Ironport anyway, the 
price is "free" which makes it cheaper than Spamhaus.  On the other 
hand, if you just want SenderBase, it'd be a very expensive way to get 
only the reputation filtering.

In general, like many of the big-name anti-spam products, the reputation 
service is part-and-parcel of the product and can't really be separated 
out.  In fact, with Ironport, they use the reputation service in two 
ways: one is to block connections in the first place, and the second way 
is to bias results of their content filter for connections which are 
accepted.  Since their scores are -10 to +10, there's considerable 
leeway to use the information as part of their anti-spam cocktail beyond 
simple "go/no-go" of a typical reputation service.

jms


-- 
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One       Phone: +1 520 324 0494
jms at Opus1.COM                http://www.opus1.com/jms

More information about the NANOG mailing list