On Sunday, August 29, 2004, 4:19:46 AM, Alex Broens wrote:
- Zombies or fixed IP? imho its irrelevant.
No it's very relevant. Any spam that comes from a fixed IP can be blocked on a local or global RBL.
SURBLs are most useful to catch the ones that can't be caught that way due to zombies, etc.
- Who defines "most abuse" & how?
Mainly the spammers do, by their own actions. Clearly breaking into someone's (insecure) computer and stealing services and bandwidth from it are abusive. Clearly sending 10,000 spams to get 1 through the filters is abusive. Those most highly abusive ones are the most important to catch. It's made important simply by their high level of abuse, if nothing else was even considered.
- There's spammers who have been around for years, from fixed IPs and
although they're so called "whitehats", business with a reputation and an attitude (Dell?) and users report that no matter what you do, an opt-out isn't respected....
So blacklist them locally or personally. We could never list dell.com because many people might mention them in legitimate emails.
Sometimes I wonder if people understand this new paradigm. ;-)
Dunno..... In the last few days I've seen trash coming from dialups which weren't in any RBL. Only a fast entry in my local SURBL zone stopped the flood from reaching more than a couple of users. (1 minute update)
Anything coming from zombied dialups is probably the kind of spam we want to list in SURBLs since there's already theft involved, though I'd still argue IP based RBLs would do it much more efficiently. RBLs are probably still a better solution, i.e. update the dialup RBLs to have the correct dialup pools.
Also I doubt that Dell uses zombied dialups to deliver their mail.
An admin filtering for an Austria based old ppl's home will hardly get a false positive from SURBL or Spamcop, while a US ISP will.
We need to be conservative in listing. It's much better to be able to provide an ISP or telco-grade solution that the old people's home can feel comfortable with than have a solution no-one can be comfortable with due to too many FPs.
Jeff C.