On Fri, 12 Nov 2004 02:45:15 -0800, Jeff Chan jeffc@surbl.org wrote:
Pondering the question of how to make a "telco grade" SURBL that had as close to zero false positives as possible, but would still catch many spams, I remembered that many of the biggest spam domains seem to appear in several different SURBL lists.
What does anyone think about creating a "consensus" list that a telco or ISP might use to block at the MTA level?
For example a domain that appears on:
((SC or AB) and (JP or OB)) or PH
I think the percentile-based lists are probably the best way to go - i.e. top 50% of all requested SURBL-listed domains or something like that?
We should probably work on developing some more diverse spamtrap feeds. Quite a lot of ISPs have well established spamtraps that they are either not using or are completely underutilising.
Lists like SC, AB and JP all seem to be good data sources, but if you were trying to be certain of 0 FPs you'd need something to reliably and continuously rebuild your data against and from.
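Added example, not part of the original messages: a Python sketch that applies the proposed consensus rule and a percentile cut to the same data, to show where the two selections differ. The list names come from the thread; the domains, query counts, function names and the reading of "top 50%" as the top half of listed domains ranked by query count are assumptions made for illustration.

```python
# Added example. List names (SC, AB, JP, OB, PH) are from the thread;
# every domain and query count below is constructed sample data.

def consensus(lists):
    """Proposed rule: ((SC or AB) and (JP or OB)) or PH."""
    return bool((lists & {"SC", "AB"}) and (lists & {"JP", "OB"})) or "PH" in lists

def consensus_set(membership):
    """Domains whose list membership satisfies the consensus rule."""
    return {d for d, lists in membership.items() if consensus(lists)}

def percentile_set(queries, fraction=0.5):
    """Top `fraction` of listed domains, ranked by query count (assumed reading)."""
    ranked = sorted(queries, key=lambda d: (-queries[d], d))  # ties broken by name
    return set(ranked[: int(len(ranked) * fraction)])

# Constructed data: which lists carry each domain, and how often it is queried.
MEMBERSHIP = {
    "bigpills.example": {"SC", "AB", "JP", "OB"},
    "onefeed.example":  {"SC"},
    "phish.example":    {"PH"},
    "sameside.example": {"SC", "AB"},   # two lists, but both from the first group
    "cross.example":    {"AB", "OB"},
    "jponly.example":   {"JP"},
}
QUERIES = {
    "bigpills.example": 9000,
    "onefeed.example":  7000,
    "phish.example":    40,
    "sameside.example": 300,
    "cross.example":    5000,
    "jponly.example":   10,
}

if __name__ == "__main__":
    by_rule = consensus_set(MEMBERSHIP)
    by_rank = percentile_set(QUERIES, 0.5)
    print("consensus only :", sorted(by_rule - by_rank))
    print("percentile only:", sorted(by_rank - by_rule))
    print("both           :", sorted(by_rule & by_rank))
```

In this sample the percentile cut admits a heavily queried domain that only one list reports, while the consensus rule admits a rarely queried PH entry; those two cases are where the approaches trade false-positive risk against coverage.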