Jeff wrote:
If a domain has legitimate uses, it should not be added to any list. Yes that means a spam or two will be missed in a few borderline cases, but it's better to miss a few spams than to be used to block someone's possibly legitimate mail.
I agree that it is better to err on the side of allowing a few spams through if it means preventing a false positive. This is especially true considering that SURBL ought to be merely one of a few or several items in one's spam fighting toolkit. However, I also think that this particular part of the discussion is going to need more hashing out because we seem to vacillate often here. But, in all fairness, such is to be expected because there are some very tough issues here!
For example, obviously, there are going to be many Fortune 500 companies who will get away with the worst kinds of harvesting of e-mails from web sites for spamming. Surely, most of the time, their legal departments will prevent this because their "deep pockets" cannot afford to pursue such risky business practices. But in the event that one DOES do this, we would obviously not want to include them in SURBL, even with their bad behavior.
But consider another example which leans toward the other side of the pendulum. An e-mail marketing company tries to play it both ways by (1) sometimes uses harvested addresses (with spamtrap addresses included) when doing business with shady companies ..AND... (2) other times uses legitimate opt-in addresses with other seemingly legitimate companies.... other than the fact that this "legitimate" company chose to do business with such a trashy marketing company ;)
In this last example, what would the official policy of SURBL be?
I'd say that, if all the e-mails in question were pure sales pitches, then blacklist the marketing company on SURBL, but don't blacklist the actual legitimate company. Agree?
But where this can be really tough is if the e-mail marketing company takes over distribution of the legit company's official newsletter, with URIs of the e-mail marketing company included (beacons, for example). This is where it gets more complicated. What should be done in THAT case?
Nevertheless, isn't there also a point where e-mail marketing companies should NOT get away with flagrant and repeated violations just because they decided to play it "both ways". Couldn't this become a strategic and premeditated way for these companies to do an "end run" around SURBL... "Do a little legitimate business on the side and SURBL will say off our back."
Are there other examples which are even more controversial and/or difficult to decide on?
Certainly, I don't have all the answers, but I think I've asked some good questions.
(I don't mean to stir up trouble. I just want us reach a consensus on this.)
Rob McEwen