On Fri, Sep 03, 2004 at 08:27:10AM -0400, Rob McEwen wrote:
Finally, another reason for this greylist, as I and Chris have pointed out in the past, is that spammers will try to circumvent SURBL in the future by providing some little legit service "on the side". Certainly, it would be good to keep these types "on a short lease". If we ONLY do what we have been doing so far, the is a big loophole in SURBL.
From my perspective, this is the compelling reason to have another
list. I'm interested in not missing the URIs that actively appear in spam with occasional appearance in ham, but want to depend on very few false positives out of WS.
Maybe there should be a dark multi, with one bit for confirmed spammers with some ham, and another for early warning entries. It would be nice to be able to evaluate them separately.
As an analog, SARE splits some rulesets (genlsubj, html, header) into `categories of "hit ONLY spam", "have hit ham", and "hit a significant amount of ham." You can choose your level of safety and effectiveness. (If you want to get fancy, encode a confidence level. Two bits? ;-) )