[SURBL-Discuss] Proposing a greylist

Ryan Thompson ryan at sasknow.com
Thu Sep 2 12:28:08 CEST 2004 

OK, here are a few thoughts, after reading this thread, and making a few
specific replies.

I fully support the idea of a list of grey domains. Even if it starts
as a brand new list, and submissions to other SURBLs aren't affected,
it's a good idea. However, after reading some of Jeff's objections, I
think I can extend a few ideas to make this even more effective.

I like something along the lines of the "unconfirmed" (or "uc") idea.
What if *all* as-yet-unverified SURBL submissions (for ws, and anybody
else who wants to play with us) went to "uc", and we kept score of the
number of submissions (perhaps modified by some assigned trust
multiplier for the "coolness" or historical accuracy of a particular
submitter). Once a domain reaches a certain score, it's added (probably
manually, at first) to ws.  Regular whitelisting mechanisms could still
apply for both lists.

Concern: this slows down inclusion of domains into ws. I don't think it
has to. The SURBL folks re-check submitted domains anyway. Here's what I
see happening with submissions:

1. From relatively trusted submitters, they get added to uc right away,
    and go in the queue for ws
2. ws folks hand-check the submissions as usual. If they believe a
    domain is worthy of outright blacklisting, it's added to ws
    immediately, as usual. Otherwise, it stays on uc.
3. For domains already on uc, if more submissions come in for the
    domain, we have another metric to help accurately classify the
    domain.

We could come up with various levels of automation for this, but, at
first, all three of these things could be done manually without very
much extra work, compared to what we're doing now, as far as I know.

We gain more immediate benefit from submissions (i.e., they're more
quickly worth *some* points in additive classifiers like SpamAssassin),
and don't sacrifice any accuracy or efficiency in the outright
blacklisting of domains. In fact, if we do it right, I believe we can
more efficiently (i.e., faster, or at least with less person time), list
domains accurately.

- Ryan

Chris Santerre wrote to SURBL Discussion list (E-mail):

> I am officially proposing a greylist surbl.
>
> We are going to see more and more of this stuff. We might as well deal with
> it now. I'm suggesting a greylist for all spammers that ride that line. Like
> the euniverse junk we have been talking about.
>
> 1)We DO NOT include it in multi.
> 2)We SCREAM to the world that it WILL hit some legit, and that only hard
> liners should use.
> 3)We DON'T remove domains unless they go completely black, or have no NANAS
> hits for 3-4 months.
> 4)See number 2 again.
> 5)We tell people it is completely optional and to see number 2.
>
> I predict it would be used more for personal emails. IT also gives us an in
> between mechanism. Rather then list or no list. We get a grey list we
> desperately need.
>
> THoughts?
>
> Chris Santerre
> System Admin and SARE Ninja
> http://www.rulesemporium.com
> http://www.surbl.org
> 'It is not the strongest of the species that survives,
> not the most intelligent, but the one most responsive to change.'
> Charles Darwin
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
>

-- 
   Ryan Thompson <ryan at sasknow.com>

   SaskNow Technologies - http://www.sasknow.com
   901-1st Avenue North - Saskatoon, SK - S7K 1Y4

         Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
   Toll-Free: 877-727-5669     (877-SASKNOW)     North America

More information about the Discuss mailing list