Jeff Chan wrote to SURBL Discuss:
On Thursday, September 2, 2004, 7:09:27 AM, Chris Santerre wrote:
I am officially proposing a greylist surbl.
We are going to see more and more of this stuff. We might as well deal with it now. I'm suggesting a greylist for all spammers that ride that line. Like the euniverse junk we have been talking about.
1)We DO NOT include it in multi. 2)We SCREAM to the world that it WILL hit some legit, and that only hard liners should use. 3)We DON'T remove domains unless they go completely black, or have no NANAS hits for 3-4 months. 4)See number 2 again. 5)We tell people it is completely optional and to see number 2.
I predict it would be used more for personal emails. IT also gives us an in between mechanism. Rather then list or no list. We get a grey list we desperately need.
I'd rather focus on black lists for the upstream mail servers.
Go ahead! :-)
Greylists are messier, more time-consuming, difficult to categorize, error-prone, controversial, and subjective than black or white lists. We can already see how much effort a few borderline cases consume. Creating and maintaining these as a third category would multiply that.
I disagree to all of your adjectives. :-)
Messier, error-prone, controversial, and subjective: If used as a *blacklist*, your description wouldfit. By *definition*, however, a greylist is the grey area that can't (yet) be classified as black or white. By *definition* it's where the controversial stuff lives. We need an in-between.
Further, I think *not* having a greylist leads to errors and controversy, because even the most careful submitters will (thanks to human nature) have a tendency to want to put domains *somewhere*. It's damned hard to admit that somedomain.com appears in a dozen local spams, has a bunch of NANAS hits, but, jeez, it's so *close*, but maybe, just maybe, they have some legit uses. A greylist ought to keep the size of our blacklist smaller, so that it really *is* as close to a pure blacklist as we can make it.
Borderline: The borderline cases will now have a proper home, and rely less on submitters' judgement.
Time consuming: *Definitely* not. We submitters beat our heads against the keyboard on a per-domain basis for the difficult to classify cases, in an attempt to list them *somewhere* (either as white or black). A greylist would allow us to spend *less* time on some of the really icky domains, and allow the numbers to work for us.
If we make greylists, they will be misapplied, legitimate mails will be blocked, people will (somewhat rightly) complain, and our reputation will be damaged.
This is exactly the objection I expected you'd make. I admire consistency. :-)
However, I take issue with "somewhat rightly complain". What you're talking about, in usability terms, is "affordance". Give somebody a screwdriver, and, with alarming frequency, they'll turn it around and use the handle to beat on something. When someone complains because the handle of their screwdriver is mangled, does that damage the manufacturer's reputation? A coffee mug is *exactly* the right size and shape for throwing. If I throw mine at that wall over there, and it shatters, is it a crappy coffee cup? "Affordance". Tool and mug manufacturers aren't going to restrict and devalue their products just so they don't afford striking and throwing.
If someone takes our greylist and says, "Hey! I could use this to block email", despite the big "May identify legitimate email" warning we're going to scream from the rooftops? We're a cut above: When did you see a coffee cup that said, "May break if thrown"? Actually, that would be less silly than some of the *other* product warnings I've seen...
I know it would perhaps be more fun to play the "find every spammer" game, but I think we should instead focus on improving the quality of the data we already have.
A list of grey domains could help accomplish that. See my next mail.
When we can get the FP rate of WS below 0.01%, then maybe we can think about greylists.... ;-)
Again, greylists might be one of the means to that end.
- Ryan