On Wednesday, December 8, 2004, 8:03:35 AM, Bill Landry wrote:
----- Original Message -----
From: "Daryl C. W. O'Shea" <spamassassin@dostech.ca>
Was the whitelist you were referring to really the SURBL server-side
whitelist?
Yes! But local SURBL whitelists are needed to reduce traffic and time.
I'd much rather see SURBL respond with 127.0.0.0 with a really large TTL for white listed domains. Any sensible setup will run a local DNS cache which will take care of the load and time issue.
I agree, and have suggested a whitelist SURBL several times on the SURBL discussion list, but it has always fallen on deaf ears - nary a response. It would be nice if someone would at least respond as to why this is not a reasonable suggestion.
Bill,

We did discuss several times before. Some of the discussion may have been behind the scenes in the development of uridnsbl_skip_domain:
http://bugzilla.spamassassin.org/show_bug.cgi?id=3805
but we also discussed it on the SURBL discussion list. As I recall some of the arguments against it included:
1. Possible misuse: i.e. mistakenly using it as a blacklist.
2. Performance: A relatively small number of domains appear most frequently in hams, like yahoo.com, w3.org, etc. The point of diminishing returns in publishing as a DNS list more than a few hundred whitelisted domains is reached quickly in terms of decreasing frequency of hits. Some of this can be seen in the whitelist sample hit count stats at:
http://www.surbl.org/dns-queries.whitelist.counts.txt
A cursory statistical analysis will prove my point.
3. Whitehat domains are pretty stable. They tend not to change over the course of many months or even years.
4. Blackhat domains in contrast tend to change rapidly. There is statistical research showing that most spam domains are only used for a few days, then discarded.
5. Therefore the size and rapid changes of spam domains are more appropriately communicated in DNS lists than whitehat domains.
There may have been other arguments, but these are probably the key ones.
Jeff C.
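
Added example, not part of the original thread: one way to run the "cursory statistical analysis" from point 2 and turn the result into a local uridnsbl_skip_domain entry. The "<hits> <domain>" input format and all counts below are assumptions constructed for illustration, not data from the SURBL counts file.

```python
# Constructed sample in an assumed "<hits> <domain>" format; not real SURBL data.
SAMPLE_COUNTS = """\
5000 yahoo.com
3000 w3.org
1000 example.com
500 example.net
250 example.org
150 example.edu
60 a.example
40 b.example
"""

def parse_counts(text):
    """Return [(domain, hits)] sorted by hits, highest first."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank, comment, or malformed lines
        rows.append((parts[1].lower(), int(parts[0])))
    return sorted(rows, key=lambda r: r[1], reverse=True)

def coverage_curve(rows):
    """Cumulative percentage of all hits covered by the top-N domains."""
    total = sum(hits for _, hits in rows)
    running, curve = 0, []
    for _, hits in rows:
        running += hits
        curve.append(running * 100 / total)
    return curve

def domains_needed(rows, target_pct):
    """Smallest N such that the top-N domains cover target_pct of hits."""
    total = sum(hits for _, hits in rows)
    running = 0
    for n, (_, hits) in enumerate(rows, 1):
        running += hits
        if running * 100 >= target_pct * total:  # integer math, no rounding
            return n
    return len(rows)

def skip_domain_line(rows, n):
    """Local SpamAssassin whitelist entry for the top-N domains."""
    return "uridnsbl_skip_domain " + " ".join(d for d, _ in rows[:n])

if __name__ == "__main__":
    rows = parse_counts(SAMPLE_COUNTS)
    for pct in (80, 90, 95, 99):
        print(f"{pct}% of hits: top {domains_needed(rows, pct)} of {len(rows)}")
    print(skip_domain_line(rows, domains_needed(rows, 90)))
```

With this constructed distribution each additional domain after the first few adds only a small share of hits, which is the diminishing-returns shape point 2 describes.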