On Tue, 7 Sep 2004, Justin Mason wrote:
There's another issue to think about, when you're talking about SURBL listings. A domain listed in SURBL may not have anything to do with the *sender* of the message; it matches the domains mentioned inside a message *that may have been sent by someone else*.
I think this means that the SURBL situation is uniquely different from most DNSBLs. Generally a DNSBL matches against the *sender* of a message. If a sender is listed, their messages and only their messages are blocked.
But in the SURBL case, a listing means that their messages, forwarded copies of their messages, cut-and-pastes from parts of their messages, etc. will also be listed.
This inherently means that for a certain case of borderline domains, a listing will result in more FPs even if the original sender has spammy tendencies.
- --j.
Yes, but at a deeper level, SURBL is actually a better anti-spam tool because of that phenomenon. Spammers are a service industry, they sent out junk because they get paid by somebody else to do so. (IE just the sending of the crap is not intrinsically valuable, it's because somebody else finds value in it as an advertising medium).
So each forwarding of a spam message is that much more exposure and value-add for the actual slime-merchant.
If we can make that reference anathema, then we take away its value and reduce the effectiveness of that advertising medium, thus reducing the profit motive. Which ultimately will be the only real way to stop spam. As long as there's good money to be made in a particular activity (spam, drugs, smuggling, etc) people will do it, regardless of how hard it is to do.
This is also why SURBL is useful for blog cleaning, etc. It hits the references to the slime-merchant's goods.
However Justin, Jeff, et-all are correct. We need to be careful in how we target this weapon, lest it get branded a loose cannon.