On Wed, 8 Dec 2004 08:03:35 -0800, Bill Landry billl@pointshare.com wrote:
I agree, and have suggested a whitelist SURBL several times on the SURBL discussion list, but it has always fallen on deaf ears - nary a response. It would be nice if someone would at least respond as to why this is not a reasonable suggestion.
The floor in offering a DNS based whitelist is that it encourages people to place a negative score on it. The problem with this is that spammers can poison messages with whitelisted domains, thereby bypassing the power of the SURBL
The concept of "Whitelist" in the SURBL world is more of an "Exclusion List" as in "we exclude these domains from being listed" rather than we consider the presence of these domains in an email to be a good sign of ham.
An excluded domain is therefore ignored in all data and not allocated a score positively or negatively, so trying to poison a message with whitelisted domains is therefore pointless.
I think we either need to look at a DNS version of uridnsbl_skip_domain with long TTL's or we should look at releasing a .cf file. I personally think the more proper implementation may be the DNS based version in order to avoid BigEvil type situations.
Cheers! -- Regards,
David Hooton