Jeff Chan wrote:
SBL lists IP ranges belonging to spammers. If a spammer registers a brand new domain but points web, NS or MX service into SBL-listed space, then the domain could in principle be listed immediately, by virtue of IP matching and not the domain itself matching any other list. IOW matches like that permit immediate listing of completely new domains that don't appear as domains in other lists.
OK, I'm with you now.
Right, but it probably should be kept in mind that some SURBL-using applications may not be doing weight-type scoring. Some may be doing outright yes/no blocking. I also prefer the more difficult approach of trying to say a record belongs to hard core spammers or it doesn't. I'm not a big fan of uncertain or grey results. Especially given applications that do outright blocking, listings may be most useful when they're either black or white.
For applications that do outright blocking, naturally the only acceptable results are black or white. But for those that do make use of weighted scoring, shades of grey are also an extremely valuable contribution.
The multi-level shades-of-grey-list I was advocating could conceivably coexist with your existing black-or-white approach, providing useful information to those applications that can cope with greys, and indeed feeding data into the blacklist once a domain reached a dark enough shade of grey!
John.