Pondering the question of how to make a "telco grade" SURBL that had as close to zero false positives as possible, but would still catch many spams, I remembered that many of the biggest spam domains seem to appear in several different SURBL lists.
What does anyone think about creating a "consensus" list that a telco or ISP might use to block at the MTA level?
For example a domain that appears on:
((SC or AB) and (JP or OB)) or PH
might be a candidate for such a list. The main reason I don't include WS is that it's a hand built list and I don't have a feeling for the latencies from it.
SC and AB are both mostly based on SpamCop user reports. JP and OB are both mostly based on spamtrap data. PH represents really destructive fraud and phishing and probably should be included unless the FP rates from it are significantly above zero.
I realize this is a simplistic scheme and other ways of combining the lists are possible, but what does anyone think of those ideas?
Conceivably we could have other combinations.
Another possibility might be records that appear in
SC and AB and WS and JP and OB
I think we can nearly guarantee that those are 100% spam. :-) (Would want to check those that are in WS separately from JP, which is currently included in WS.)
What other ways to combine lists might produce near zero FPs yet still hit most spam?
Shall we just try some of them and see how well they work?
Comments?
Jeff C. -- "If it appears in hams, then don't list it."
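
The two combinations proposed in the message above, as an added example that is not part of the original post: it decodes a combined-list DNS answer into list names and applies both rules to constructed sample data. The bit values are an assumption (the historical multi.surbl.org layout, which the post does not state), and the domains and answers are made up for illustration.

```python
import ipaddress

# ASSUMPTION: bit values of the last octet in a combined-list A record. These
# are the historical multi.surbl.org assignments and are not stated in the post.
BITS = {"SC": 2, "WS": 4, "PH": 8, "OB": 16, "AB": 32, "JP": 64}

def decode(answer):
    """Return the set of list names encoded in a 127.0.0.x answer."""
    if answer is None:               # NXDOMAIN: not on any list
        return frozenset()
    octets = ipaddress.IPv4Address(answer).packed
    if octets[:3] != b"\x7f\x00\x00":
        # Anything outside 127.0.0.0/24 is not a list answer (for example a
        # resolver that rewrites NXDOMAIN); never treat it as a listing.
        raise ValueError(f"unexpected answer {answer!r}")
    return frozenset(name for name, bit in BITS.items() if octets[3] & bit)

def telco_consensus(lists):
    """((SC or AB) and (JP or OB)) or PH, as proposed in the post."""
    user_reports = bool(lists & {"SC", "AB"})   # SpamCop-report based lists
    spamtraps = bool(lists & {"JP", "OB"})      # spamtrap based lists
    return (user_reports and spamtraps) or "PH" in lists

def all_five(lists):
    """SC and AB and WS and JP and OB. WS currently includes JP, so WS
    membership is not independent evidence here, as the post notes."""
    return {"SC", "AB", "WS", "JP", "OB"} <= lists

# Constructed sample answers (domain -> A record, None for NXDOMAIN).
SAMPLE = {
    "traps-and-reports.example": "127.0.0.82",   # SC + OB + JP
    "phish.example": "127.0.0.8",                # PH only
    "reports-only.example": "127.0.0.34",        # SC + AB
    "ws-only.example": "127.0.0.4",              # WS only
    "everywhere.example": "127.0.0.118",         # SC + WS + OB + AB + JP
    "clean.example": None,
}

def evaluate(sample=SAMPLE):
    """Return {domain: (sorted list names, consensus hit, all-five hit)}."""
    out = {}
    for domain, answer in sample.items():
        lists = decode(answer)
        out[domain] = (sorted(lists), telco_consensus(lists), all_five(lists))
    return out

if __name__ == "__main__":
    for domain, (lists, consensus, five) in evaluate().items():
        print(f"{domain:28} {','.join(lists) or '-':16} consensus={consensus} all5={five}")
```

A domain reported only through SC and AB, or listed only in WS, stays off the consensus list, which is the point of requiring agreement between a user-report source and a spamtrap source.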