On Sunday, July 31, 2005, 6:52:44 PM, Catherine Hampton wrote: (Greg Allen wrote:)
This has been a debate for some time and the antivirus companies have decided the debate. Can you look at it with SURBL also? Sure, but I am just saying it is a lot of effort to add these disposable IP addresses into any database. Who goes back and cleans up these databases 2 years from now when maybe a real user gets one? It's your system, I am just giving you my prospective, which could of course be wrong or...right. Time will tell.
I'm adding the IPs to SpamBouncer anyway; it isn't any more work to add them to SURBL. Since I expire them by default in a month, unless they still appear, and since Jeff is expiring anything he gets from me on the same schedule I do, nobody needs to go back and clean up the database -- in two years or any other time. So I don't see any disadvantage here, especially since a number of decent AVs still aren't listing phish URLs as viruses/dangerous content.
Actually I'm not expiring them, so it's good that you are.
But the key thing is that as long as they keep appearing in live spams/phishes we can keep listing them. After they've been inactive for a while it makes sense to delist them. We can always add them back on if they start appearing again.
It is a valid concern that Greg makes about the sizes of lists. The same question comes up for any blacklist; they can't keep adding records indefinitely. Inactive ones need to get purged to keep the sizes reasonable.
But in practical terms, RBL-type lists can grow to at least a few million records before they become impractical if the name servers are using rbldnsd. Right now multi.surbl.org, the combined SURBL list has about 150k records. sbl.spamhaus.org has about 5k records. xbl.spamhaus.org has about 2 million records. So SURBLs are not running up against size limits any time soon.
Jeff C. -- Don't harm innocent bystanders.