----- Original Message ----- From: "Jeff Chan" jeffc@surbl.org To: "SURBL Discussion list" discuss@lists.surbl.org Sent: Sunday, August 29, 2004 11:15 AM Subject: Re: [SURBL-Discuss] SURBL WS test scores in SA 3.0
On Sunday, August 29, 2004, 1:41:43 AM, Alex Broens wrote:
From: "Raymond Dijkxhoorn" raymond@prolocation.net
For example, obviously, there are going to be many Fortune 500
companies
who
will get away with the worst kinds of harvesting of e-mails from web
sites
for spamming. Surely, most of the time, their legal departments will
prevent
this because their "deep pockets" cannot afford to pursue such risky business practices. But in the event that one DOES do this, we would obviously not want to include them in SURBL, even with their bad
behavior.
What are your thoughts about leveling the lists, so for example we can make a new evil.surbl.org, where we also state 'dont use this at home, unless...' then we can shift those 'grey area domains' to the new list
and
we all can be happy.
There will be more and more trying to be gray, and its not like a
hardcore
spammer can send out 1 legit mailing and be whitelisted all at once...
Supported.... I'd even say ws.subrl.org should be this list..... and let spamcop and the rest be more lenient. Adding another list would probably just complicate the choice, while
making
ws. (if Bill approves) the more strict list, users have the choice to
set
their score accordingly.
I disagree. Making lists overly inclusive and increasing the false positives is how many anti-spam efforts fail. We should stay focussed on catching the hard core spammers since they are responsible for most of the abuse.
Jeff, If you have 25k users....... see 15k of each spam flood and the user base is totally mixed then does that come from "hard core" spammers?
- Zombies or fixed IP? imho its irrelevant. - Who defines "most abuse" & how? - There's spammers who have been around for years, from fixed IPs and although they're so called "whitehats", business with a reputation and an attitude (Dell?) and users report that no matter what you do, an opt-out isn't respected....
Also anyone not using zombies can be easily blocked with conventional RBLs at a vastly lower computational cost.
Dunno..... In the last few days I've seen trash coming from dialups which weren't in any RBL. Only a fast entry in my local SURBL zone stopped the flood from reaching more than a couple of users. (1 minute update)
There really isn't much point in adding anyone who sends spam from fixed IP addresses since they are dropped so much easier and faster with a regular RBL.
IF they ever make it to an RBL. my thought is that they should complement each other. Lots of stuff from fixed IPs never makes it to Spamcop or Spamhaus if nobody reports it. They're not any better than SURBL or the other way round.
If you use Spamcop intensely, depending where you're based and what your user base it like, you'd be in trouble. Same "could" apply for SURBL. None will ever be the prefect solution, both will do magic if used correctly.
An admin filtering for an Austria based old ppl's home will hardly get a false positive from SURBL or Spamcop, while a US ISP will.
Oh well... politics... the more of them happening, the faster heads get heated up or small parties get formed. Will personally keep on reporting and hope my judgement doesn't cause anybody grief, and if it would, just kick me out.
Lets all enjoy Sunday and a great Formula 1 race in Belgium :-)
Alex