Jeff Chan wrote:
One of the goals of looking at URIs appearing on the CBL traps in messages also triggering CBL inclusion is to get listings of new URIs into SURBLs sooner. One of the valid criticisms of SURBLs is that there is too much delay between the time a URI is first used and it gets listed in SURBLs. This is a problem with RBLs in general, and it means that the targeted senders (or URIs) have a window of time before detection and list inclusion where they can send unhindered.
...
Our challenge therefore is to find ways to use those while excluding the FPs. Some solutions that have been proposed so far are:
...
What strikes me most is the fundamental incompatibility between aiming to reduce the window of opportunity before a URI gets onto any lists, yet using inclusion on other lists as a way of confirming the validity of the data.
How about a multi-level system, where any (non-whitelisted) URI in the CBL data is immediately included on the first level, then gradually gets promoted to the higher levels once it is corroborated by further reports, inclusion in other lists, manual confirmation or whatever? The last byte of the A record could be used to indicate the level. The number of levels and the details of promotion/demotion strategies would obviously need to be worked out and refined over time.
Logically the lower levels would have higher FP rates, but can be given lower SA scores (or equivalent weightings in other client apps).
John.
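
A sketch of the multi-level idea proposed above, added here as an illustration and not part of the original message or of any SURBL code. The three levels, the encoding of level N as 127.0.0.(N+1), the score weights and the promotion thresholds are all assumptions, since the post leaves those details open.

```python
import ipaddress

# Assumed encoding: last byte 2, 3, 4 means level 1, 2, 3. DNSBL answers
# conventionally start at 127.0.0.2, so 127.0.0.1 is left unused.
LEVEL_BY_LAST_BYTE = {2: 1, 3: 2, 4: 3}
# Assumed weights: lower levels have higher FP rates, so they score lower.
LEVEL_SCORES = {1: 0.5, 2: 1.5, 3: 3.0}
# Assumed promotion rule: corroborating reports needed to leave each level.
PROMOTE_AFTER = {1: 2, 2: 5}
ANSWER_NET = ipaddress.ip_network("127.0.0.0/8")


def level_from_a_record(addr):
    """Client side: decode the level from one A record, or None if invalid."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return None
    # Ignore answers outside 127.0.0.0/8 (for example a wildcarded or
    # expired zone that resolves every query to a real address).
    if ip not in ANSWER_NET:
        return None
    return LEVEL_BY_LAST_BYTE.get(ip.packed[3])


def score_for_answers(answers):
    """Client side: score a URI by the highest level among its A records."""
    levels = [lv for lv in map(level_from_a_record, answers) if lv is not None]
    return LEVEL_SCORES[max(levels)] if levels else 0.0


def next_level(level, corroborations, whitelisted=False):
    """List side: promote on corroboration, delist (level 0) if whitelisted."""
    if whitelisted:
        return 0
    while level in PROMOTE_AFTER and corroborations >= PROMOTE_AFTER[level]:
        level += 1
    return level


if __name__ == "__main__":
    # Constructed sample answers for a listed URI domain.
    print(score_for_answers(["127.0.0.2", "127.0.0.3"]))
    print(next_level(1, corroborations=5))
```
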