[SURBL-Discuss] RFC: consensus list?

Jeff Chan jeffc at surbl.org
Fri Nov 12 11:45:15 CET 2004


Pondering the question of how to make a "telco grade" SURBL that
had as close to zero false positives as possible, but would still
catche many spams, I remembered that many of the biggest spam
domains seem to appear in several different SURBL lists.

What does anyone think about creating a "consensus" list
that a telco or ISP might use to block at the MTA level?

For example a domain that appears on:

  ((SC or AB) and (JP or OB)) or PH

might be a candidate for such a list.  The main reason I
don't include WS is that it's a hand built list and I don't
have a feeling for the latencies from it.

SC and AB are both mostly based on SpamCop user reports.
JP and OB are both mostly based on spamtrap data.
PH represents really destructive fraud and phishing and
probably should be included unless the FP rates from it
are significantly above zero.

I realize this is a simplistic scheme and other ways
of combining the list are possible, but what does anyone
think those idea?

Conceivably we could have other combinations.

Another possibility might be records that appear in

  SC and AB and WS and JP and OB

I think we can nearly guarantee that those are 100% spam.  :-)
(Would want to check those that are in WS separately from JP,
which is currently included in WS.)

What other ways to combine lists might produce near zero
FPs yet still hit most spam?

Shall we just try some of them and see how well they work?

Comments?

Jeff C.
--
"If it appears in hams, then don't list it."



More information about the Discuss mailing list