Jeff:
I think that there are two areas which present particular challenges.
(1) e-mail marketers who play it "both ways"... thus making it hard to use SURBL to catch their bad behavior without blocking legitimate mail
...AND...
(2) savvy spammers who manage to get significant amounts through in the first few minutes/hours BEFORE getting blocked by SURBL... in particular, the ones who already use the best strategies to get around all other types of filtering.
The quicker TTLs are helping with the savvy spammers. Also, I recall something about a newer version of SURBL which will use some kind of tracking to trace new domains back to older ones in order to attribute new spam to known and confirmed spammers so that they would stay "attached" to their previous bad records in order to blacklist them faster. Whatever became of this? (Did I explain this correctly?)
Anyway... even when these are done, we will STILL have some problems with the most savvy spammers.
Also, I think that a lot of people fear that, as we work towards eliminating the rest of the FPs, more and more spam from these e-mail marketers who play it "both ways" will get through and the overall catch rate for SURBL may drop by 10 or 20 percent (or whatever).
I'm willing to live with that... (gulp!)
BUT... I think that it would be great to integrate into a formal tracking system a way to categorize URIs into either or both of these groups. ("SavySpams" and "GrayMarketer" ...or whatever) That way, we can use this data to help us form better "rules" in our linguistic/heuristic filters. The idea being that, at this point, the amount of spam that is getting through is much more focused than a large general pool of spam. This more narrow focus should give us the tools to close any loopholes that SURBL might not catch.
I would also suggest that if a message's server address is already blocked by BOTH list.dsbl.org AND sbl-xbl.spamhaus.org, then it shouldn't be added to this particular list for the sake of keeping the list focused. It seems that, whatever the disagreements about RBLs are, I think that EVERYONE would agree with this particular standard as being a reliable (yet FP safe and conservative) standard for RBL blocking.
I envision a "Gray page" which would list the top 10 offenders of Graymarketers who are bad enough to be mentioned, but not bad enough to get listed by SURBL and the top 10 "savvy spammers" who are known to periodically (albeit temporarily) beat SURBL with their new domains. Subsequent offenders could be listed on following pages after the top 10 for each of these two categories. Each listing would include a link to more info about this spammer or series of spam. This more info page would also include samples of spam that hit real spamtraps (made anonymous), and, for the gray marketers, samples of legitimate mail with that particular URI.
FP-safe rules would also be suggested...
NOW... who would have the time to get all this together??? :)
Rob McEwen
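
The exclusion rule proposed in the message above (skip a sample when its sending server is listed by BOTH list.dsbl.org AND sbl-xbl.spamhaus.org), sketched as an added example that is not part of the original post. The function names and the sample DNS data are hypothetical; the code assumes the usual DNSBL convention that a listed IPv4 address resolves, with its octets reversed under the zone, to an address in 127.0.0.0/8.

```python
import ipaddress
import socket

# The two zones named in the message; a server must be listed in BOTH.
ZONES = ("list.dsbl.org", "sbl-xbl.spamhaus.org")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the zone (DNSBL query convention)."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return A records for name; NXDOMAIN or lookup failure gives []."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def is_listed(ip, zone, resolve=system_resolver):
    """Listed means at least one answer falls inside 127.0.0.0/8."""
    answers = resolve(dnsbl_query_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_NET for a in answers)

def keep_for_gray_list(ip, resolve=system_resolver):
    """Keep the sample unless BOTH zones list the sending server.

    A failed lookup counts as "not listed", so the sample is kept for
    review rather than silently dropped (a choice made for this example).
    """
    return not all(is_listed(ip, zone, resolve) for zone in ZONES)

def triage(server_ips, resolve=system_resolver):
    """Map each sending-server IP to True (keep) or False (exclude)."""
    return {ip: keep_for_gray_list(ip, resolve) for ip in server_ips}

# Constructed sample answers using documentation address ranges;
# these are not real listings.
SAMPLE_DNS = {
    "10.2.0.192.list.dsbl.org": ["127.0.0.2"],
    "10.2.0.192.sbl-xbl.spamhaus.org": ["127.0.0.4"],
    "7.100.51.198.list.dsbl.org": ["127.0.0.2"],
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, [])

if __name__ == "__main__":
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.5"]
    for ip, keep in triage(ips, sample_resolver).items():
        print(ip, "keep" if keep else "exclude (listed in both zones)")
```
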