Jeff said:
If Mainsleazers use fixed mail servers, then just block the mail servers using a global or local RBL, or even block their IP addresses at the transport or routing layer.
If they're using zombies then they're a very good candidate for SURBLs.
How's that for a compromise?
Jeff, up until this point, all your concerns and points made a lot of sense. Certainly, there are issues and questions you have raised which need more attention and thought.
However, this last point you made makes little sense. First, there is not much difference, for all practical purposes, between doing what you are suggesting and just throwing all these "mainsleazers" into SURBL... yet no one is suggesting or is in favor of that. We are not trying to "end-run around" SURBL by making it more strict in order to circumvent our regular standards. Instead, most of us see the "graylist" as more of an auditing tool or a factoring tool. Recall how some have already mentioned factoring the unconfirmed.surbl.org into SpamAssassin's score, but at a lower value than the regular SURBL score. That way, where a regular SURBL hit might be enough to get a message blocked... an unconfirmed.surbl.org hit would take ADDITIONAL evidence (or rules) to get that message blocked. Also, another use for unconfirmed.surbl.org would be as an auditing tool, where an extra copy of mail that gets "hit" by unconfirmed.surbl.org (but NOT by multi-surbl.org) might go to a folder for review by the mail administrator so that the mail administrator might create additional filtering "rules" for blocking this type of message in the future in a more precise, "surgical strike" manner which doesn't block all mail just for having that particular URI.
Finally, another reason for this greylist, as I and Chris have pointed out in the past, is that spammers will try to circumvent SURBL in the future by providing some little legit service "on the side". Certainly, it would be good to keep these types "on a short leash". If we ONLY do what we have been doing so far, there is a big loophole in SURBL.
A week or two ago, I had other related suggestions about this issue. (I don't know if it got much attention at the time). This post had suggestions for OTHER ways to deal with this potential loophole. (I'll try to find it and repost.)
Rob McEwen
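
The two uses of an unconfirmed list described in the message above (a lower score that needs additional evidence before a block, and an audit copy for mail that hits the unconfirmed list but not the regular one), as an added example that is not part of the original post. The list contents, score values, threshold and function names are assumptions made up for illustration, and in-memory sets stand in for the DNS lookups so it runs offline.

```python
import re

# Constructed stand-ins for the DNS list lookups (not real list data).
CONFIRMED = {"pillz-example.test"}         # stands in for the regular SURBL list
UNCONFIRMED = {"mainsleaze-example.test"}  # stands in for the proposed unconfirmed list

# Assumed values for SpamAssassin-style additive scoring.
SCORE_CONFIRMED = 5.0     # a regular hit is enough to block on its own
SCORE_UNCONFIRMED = 1.5   # an unconfirmed hit needs additional evidence
BLOCK_THRESHOLD = 5.0

URI_HOST = re.compile(r"https?://([^/\s:>]+)", re.I)


def uri_domains(body):
    """Collect the domain of every URI host found in the message body."""
    domains = set()
    for host in URI_HOST.findall(body):
        labels = host.lower().rstrip(".").split(".")
        # Simplification: keep the last two labels. A real checker needs a
        # list of two-level TLDs (co.uk and the like) to find the right cut.
        domains.add(".".join(labels[-2:]))
    return domains


def classify(body, other_rule_score=0.0):
    """Score a message, pick block/deliver, and flag it for an audit copy."""
    domains = uri_domains(body)
    hit_confirmed = bool(domains & CONFIRMED)
    hit_unconfirmed = bool(domains & UNCONFIRMED)
    score = other_rule_score
    if hit_confirmed:
        score += SCORE_CONFIRMED
    if hit_unconfirmed:
        score += SCORE_UNCONFIRMED
    return {
        "score": score,
        "action": "block" if score >= BLOCK_THRESHOLD else "deliver",
        # Audit copy only when the unconfirmed list hits and the regular one does not.
        "audit_copy": hit_unconfirmed and not hit_confirmed,
    }


if __name__ == "__main__":
    # Constructed sample message: unconfirmed hit alone, then with other rules firing.
    msg = "Special offer: http://news.mainsleaze-example.test/deal"
    print(classify(msg))
    print(classify(msg, other_rule_score=4.0))
```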