CastleCops, Internet Crime Fighters

New utility for blacklist management
Toucan

Posted: Sun Jul 18, 2004 10:32 pm    Post subject: New utility for blacklist management

Hi everybody,

My blacklist has been growing steadily and is getting a little unwieldy. I've taken a look at domosort and MWBlist; although they're good tools, they don't do what I want. So I've written a new utility called BLScan to manage my blacklist file (available over email as BLScan.zip).

BLScan will:
* Summarize how many blacklist entries are from each domain present in the blacklist file (like MWBlist).
* Generate the wildcard statements needed to blacklist all domains present. You can then copy and paste a sensible selection into your blacklist file.
* Generate the wildcard statements needed to blacklist domains for which you have received multiple emails. You can then copy and paste a sensible selection into your blacklist file.
* Allow you to step through the blacklist, indicate which domains you want to wildcard and generate a new blacklist file.
* Remove or retain redundant blacklist entries if a wildcard is added.
* Remove or retain redundant wildcard entries if a wildcard is added.
* You can set a threshold of how many domains are reported for any of the above.
* You choose whether new wildcards are assigned the current date or use the time code "0" option.
* The blacklist file can be in any order, unsorted, blacklist/whitelist reversed, any (valid) blacklist format.
* Everything is optioned.
* It can handle a blacklist in excess of 100,000 lines!
* It will not delete/modify/rename or damage your blacklist file.
* It's written in non-O/S specific code, so it should run under any version of Windows.

I've been using this for some time. If you would like a copy, PM me or respond on this thread and I'll PM you. If I get good feedback, then I'll make it available to all from my web site.

Best of all, it's free :D

Toucan


This is now available from www.dogsbyte.com



Last edited by Toucan on Sat Oct 16, 2004 12:50 pm, edited 2 times in total
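
The per-domain summary, threshold-based wildcard generation and redundant-entry removal listed in the post above can be sketched as follows. This is an added example, not BLScan's code and not part of Toucan's post; it assumes a blacklist holding one bare address or *@domain wildcard per line, and the PROTECTED list, the sample entries and the function names are constructed for illustration.

```python
from collections import Counter

# Assumption: mailbox providers shared by legitimate senders are never wildcarded.
PROTECTED = {"hotmail.com", "yahoo.com"}

# Constructed sample blacklist, one entry per line (assumed format).
SAMPLE = [
    "offers@spam-example.test",
    "deals@spam-example.test",
    "Deals@Spam-Example.test",      # duplicate differing only in case
    "bob@hotmail.com",
    "alice@hotmail.com",
    "one@single-example.test",
    "old@covered-example.test",
    "*@covered-example.test",       # wildcard already in the list
]

def parse(lines):
    """Split entries into a set of (local, domain) pairs and a set of wildcarded domains."""
    addrs, wilds = set(), set()
    for raw in lines:
        entry = raw.strip().lower()
        local, sep, domain = entry.rpartition("@")
        if not sep or not local or not domain:
            continue                 # skip blank or malformed lines
        if local == "*":
            wilds.add(domain)
        else:
            addrs.add((local, domain))
    return addrs, wilds

def consolidate(lines, threshold=2, protected=PROTECTED):
    """Return (per-domain counts, new wildcards, rewritten blacklist)."""
    addrs, wilds = parse(lines)
    counts = Counter(domain for _, domain in addrs)
    # Propose a wildcard only for domains seen at least `threshold` times.
    new = {d for d, n in counts.items()
           if n >= threshold and d not in protected and d not in wilds}
    covered = wilds | new
    # Individual addresses already matched by a wildcard are redundant.
    kept = sorted(f"{l}@{d}" for l, d in addrs if d not in covered)
    wildcards = sorted(f"*@{d}" for d in covered)
    return counts, sorted(f"*@{d}" for d in new), kept + wildcards

if __name__ == "__main__":
    counts, new, blacklist = consolidate(SAMPLE)
    print(counts.most_common())
    print("new wildcards:", new)
    print("\n".join(blacklist))
```

The input list is never modified; the rewritten blacklist is returned as a new list so the proposed wildcards can be reviewed before anything is saved.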
stan_qaz

Posted: Mon Jul 19, 2004 1:21 am

Sure hope rusticdog asks you for the source code; this has been a very requested feature, and it sure would be nice to see some management of the blacklist integrated into the MailWasher program.

I don't use the blacklist much but for the folks that do this is going to be a big help!


_________________
Questions? Try the wiki
http://wiki.castlecops.com/MailWasher_Pro
Toucan

Posted: Mon Jul 19, 2004 8:00 am

Actually I wouldn't object to giving over the source code :D. If this functionality was inserted into MW then that would be even better and separate utilities such as BLScan would be redundant. In the meantime, however, BLScan is there for anyone that wants it.

Toucan

Posted: Sat Jul 24, 2004 8:45 pm

Hi all,

BLScan is now available for download from my website at:

http://www.dogsbyte.com

No fee or stupid "registration" thingy is required.

Give it a go; if you think it's useful then great, if you think it's junk then you can just delete it. I've had some encouraging and constructive feedback so far.

To make it portable across multiple machines, it doesn't have a very exciting interface, but in my opinion, simple is good. I can't guarantee that it will work on every machine, however, because I don't have access to all flavors. My home lab is big, but not that big!

PM me if you have problems.

Toucan

Posted: Mon Aug 09, 2004 9:50 pm

Hi all,

I've just posted a new version (1.3) on my website at www.dogsbyte.com

At popular request, this includes a new "Sort" option, where three consecutive lists are generated in a new output file, showing the blacklist entries sorted by uname/domain, domain/username and date/domain.

I'm overwhelmed by the number of downloads and kind comments received. I only wrote this for myself originally, as a nifty little utility to help me manage my own blacklist file. I thought a few people might find it useful, but 320! Makes me wish I'd charged $10 for it!

I don't have any new versions planned, but I might have to think about building a stylish GUI for it. Something I currently know zilch about, but that can be a new project for my lunch breaks.

Toucan

P.S. Since I don't send out any emails whatsoever to users past or present, I would also suggest blacklisting my domain *@dogsbyte.com, since some spammer is currently forging it into his/her message header and sending spam to me from my own domain!



Last edited by Toucan on Tue Aug 17, 2004 7:55 am, edited 1 time in total
stan_qaz

Posted: Tue Aug 10, 2004 4:48 am

Thanks for the update; sure wish the Firetrust folks would add something like this to the program so we wouldn't get so many requests for it.


Eisenson

Posted: Mon Aug 16, 2004 1:29 am

Thank you!
This handy utility took <10 minutes including startup learning curve, and shrunk my blacklist by ~25%. It'll probably become even better after I read the instructions... someday.


_________________
Perfection is sometimes sufficient...
rusticdog

Posted: Tue Aug 17, 2004 5:05 am

Made as a sticky :)
Thanks Toucan

stan_qaz

Posted: Tue Aug 17, 2004 5:43 am

A well deserved sticky too.

rusticdog, how about buying him a few lunches while he works on the GUI and putting a copy of the program on the Firetrust site and a mention in the FAQ?

It would end the (valid) blacklist complaining here!


rusticdog

Posted: Tue Aug 17, 2004 6:05 am

Never used it myself, will download it now and check it out.

Eisenson

Posted: Tue Aug 17, 2004 3:12 pm

MWP alone is a terrific tool that has solved >95% of my spam problem. Toucan's useful BLScan reduces workload and improves efficiency -- and now I find that there were apparently predecessors: MWBlist and Domosort.

It makes me wonder what other MWP-related user-generated utilities and other assists are out there, of which I'm ignorant.

Perhaps there's a place for such things?


Byron

Posted: Sat Aug 21, 2004 2:19 pm

Toucan,

FWIW

I find that most spammers trashing my inbox use the same address a maximum of 3 times within a week and then change addy's.

If you go to Spam Tools > Blacklist > List options

then tick "Expire unused mail addresses from list"

Select no. of days

This set up keeps my list under 100


Just my way

Byron

Toucan

Posted: Sat Aug 21, 2004 4:43 pm

I find that blacklisting domains rather than individual addresses is very effective since spammers frequently use a different user name but the same domain. Taking that a step further, I can often see (and add wildcards) that blacklist out 'patterns' of addresses where a domain is slightly modified like the 'svcs' junk.

In order to build up that initial list, I used Gary's starter blacklist and had also captured a lot of addresses over time; I then wildcard them out, which prevents any more email from those domains. The whole MailWasher suite of anti-spam methods collects about 95% of my incoming spam. Looking at the statistics, my blacklist is catching ~60%, the rest is filters/servers etc. This is based on 16,000 incoming emails with 17% being legitimate. So in terms of spam, my blacklist is actually catching 75% of the junk. I don't get any false positives.

How much spam you get also seems to depend on what your email addresses are. I have friends with bizarre email addresses that receive hardly any spam! A lot of my addresses are based around my name which is fairly easily guessed. There are people I know who gave their address away on an internet site, that get tons of spam, but nearly all of it from the same domains.

It varies from person to person how big the spam problem is. The good thing about MailWasher is that you can customize it to meet your own needs.

w0zv

Posted: Wed Aug 25, 2004 5:08 pm

Quote:
In order to build up that initial list, I used Gary's starter blacklist and had also captured a lot of addresses over time; I then wildcard them out, which prevents any more email from those domains. The whole MailWasher suite of anti-spam methods collects about 95% of my incoming spam. Looking at the statistics, my blacklist is catching ~60%, the rest is filters/servers etc. This is based on 16,000 incoming emails with 17% being legitimate. So in terms of spam, my blacklist is actually catching 75% of the junk. I don't get any false positives.


Toucan, like the previous poster, I set my blacklist to expire after 1 week, thus I don't have a very large database to create wildcards from. Is there any chance you could periodically post your current wildcard list on your webpage? Then I could leave my individual addresses set to expire in 1 week and set the wildcards to never expire (as I have done with Gary's wildcards).

I'm not meaning to sound lazy, but I don't see how to keep my individual list a manageable size and still feed BLScan to generate the database for wildcards (unless you have some clever way to accumulate the weekly list data separately...hint...hint). As I think about it, wouldn't it be nice if FireTrust could use their FirstAlert database to feed BLScan or automatically create wildcards (to be reviewed by individual users before installation of course). I suppose this is really a variation of the same thing SpamCop and others are doing!

Toucan

Posted: Wed Aug 25, 2004 8:34 pm

w0zv,

Interesting idea. This is a difficult area because it's just too hard to make a one-fits-all kind of email filter. The blacklist servers like FirstAlert, Spamcop etc. are intended to be 'accumulators' of spam sources. I use 5 of these but they only catch ~7.5% of my spam. I have had some false positives from them too. (I am currently contemplating switching the DNSBLs off and seeing whether my other defences will pick up that same percentage. That way I won't have to worry about the false positives I mentioned.)

Perhaps everyone has differing opinions on what is spam and should be blacklisted on a server, as opposed to what is actually valid (but nuisance) mail that individuals should just delete or blacklist. Just because someone else doesn't want it, should that really mean it goes into a blacklist server and gets flagged up as spam to everyone else? As I mentioned, this is a tough subject with compelling arguments in all directions.

Distributing or sharing a blacklist bothers me for all the same reasons. Our filters, blacklists and general MW setup are very personalized. The best I can think of is distributing a kind of generic blacklist, which would be something exactly like Gary's list. But in distributing that on a web page, spammers can then see exactly what they need to do to evade it!

I'll give it some more thought.
