namesdatabase . com
Listed at WS.
It has legit uses, should be whitelisted?
On Saturday, October 2, 2004, 3:32:45 AM, Bitz Bitz wrote:
namesdatabase . com
Listed at WS.
It has legit uses, should be whitelisted?
FWIW the 11 NANAS hits for this domain seem to come from the same or similar IP addresses: 63.211.182.47
The Names Database THENAMESDATABASE-BLK-1 (NET-63-211-182-32-1) 63.211.182.32 - 63.211.182.47
Which could be trivially blocked by an RBL, but is not listed by SBL or any other RBL as a /28. (Three RBLs list the entire Level3 /16 which is arguably ridiculous.)
http://www.openrbl.org/ip/63/211/182/47.htm
# @ISP/blackholes.us: 63.211/16: 553 ISP LEVEL3 - http://hatcheck.org/google?level3; http://hatcheck.org/sbl?level3; ISP LEVEL3-NOGENUITY - http://hatcheck.org/google?level3-nogenuity; http://hatch [Blockparade]
# DRBL/drbl.all: 63.211/16: 553 DRBL weight: 0.6; vote.drbl.vimas.kiev.ua@ns.vimas.kiev.ua/0.6
# BLARS/block.blars.org: INET 127.3.0.0
To me that says they're probably not a zombie user, which is a count against listing.
Bitz, what kind of legitimate uses do they have?
Jeff C. -- "If it appears in hams, then don't list it."
Bitz, what kind of legitimate uses do they have?
Seems to be a site for tracking down classmates and other old friends, a little over two years old, claims over 9 million people signed up and are in the database. Found a few postings of people who say they're using it.
It can be abused to send messages to total strangers though. They have a referal program, which earns points towards an upgrade from Basic Membership, so some people might spam through the system to get a free upgrade...
Should probably whitelist.
Joe
Agreed. Thanks Joe.
Joe Wein wrote:
Bitz, what kind of legitimate uses do they have?
Seems to be a site for tracking down classmates and other old friends, a little over two years old, claims over 9 million people signed up and are in the database. Found a few postings of people who say they're using it.
It can be abused to send messages to total strangers though. They have a referal program, which earns points towards an upgrade from Basic Membership, so some people might spam through the system to get a free upgrade...
Should probably whitelist.
Joe
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
On Saturday, October 2, 2004, 5:14:13 AM, Joe Wein wrote:
Bitz, what kind of legitimate uses do they have?
Seems to be a site for tracking down classmates and other old friends, a little over two years old, claims over 9 million people signed up and are in the database. Found a few postings of people who say they're using it.
It can be abused to send messages to total strangers though. They have a referal program, which earns points towards an upgrade from Basic Membership, so some people might spam through the system to get a free upgrade...
Should probably whitelist.
Joe
Thanks Joe. This site seems subject to abuse, and is arguably a borderline scam to begin with, but if it has legitimate uses we should not list it. I am whitelisting it.
The source of the data is Alexb:
/home/alexb/black-alexb-rbldnsd:namesdatabase.com
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
On Saturday, October 2, 2004, 5:14:13 AM, Joe Wein wrote:
Bitz, what kind of legitimate uses do they have?
Seems to be a site for tracking down classmates and other old friends, a little over two years old, claims over 9 million people signed up and are in the database. Found a few postings of people who say they're using it.
It can be abused to send messages to total strangers though. They have a referal program, which earns points towards an upgrade from Basic Membership, so some people might spam through the system to get a free upgrade...
Should probably whitelist.
Joe
Thanks Joe. This site seems subject to abuse, and is arguably a borderline scam to begin with, but if it has legitimate uses we should not list it. I am whitelisting it.
The source of the data is Alexb:
/home/alexb/black-alexb-rbldnsd:namesdatabase.com
Moved to local zone.
Alex
At 20:32 2004-10-02 +1000, Bitz wrote:
namesdatabase . com
Listed at WS.
It has legit uses, should be whitelisted?
http://groups.google.com/groups?selm=2b379589.0406081103.7c29a65e%40posting.google.com http://groups.google.com/groups?selm=2b379589.0406070444.4f892be7%40posting.googl
Patrik
On Saturday, October 2, 2004, 4:34:34 AM, Patrik Nilsson wrote:
At 20:32 2004-10-02 +1000, Bitz wrote:
namesdatabase . com
Listed at WS.
It has legit uses, should be whitelisted?
http://groups.google.com/groups?selm=2b379589.0406081103.7c29a65e%40posting.google.com http://groups.google.com/groups?selm=2b379589.0406070444.4f892be7%40posting.googl
Patrik
That's interesting, but that's not the question. We know the guy behind the site is a piece of brown something.
The question is whether it has legitimate uses. I personally think these sites are mostly abusive scams, but I'd like to know if they have legitimate uses.
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
We know the guy behind the site is a piece of brown something.
The question is whether it has legitimate uses. I personally think these sites are mostly abusive scams, but I'd like to know if they have legitimate uses.
The "brown something" could be legitimately used as fertilizer.
Please drop the idea that a site is either white or black. If it's an abusive scam, then nobody wants it in his inbox.
Minus one user really wanting a free cell phone, but this user probably also buys herbal viagra from strangers.
Bye, Frank
On Sunday, October 3, 2004, 8:41:21 AM, Frank Ellermann wrote:
Jeff Chan wrote:
We know the guy behind the site is a piece of brown something.
The question is whether it has legitimate uses. I personally think these sites are mostly abusive scams, but I'd like to know if they have legitimate uses.
Please drop the idea that a site is either white or black. If it's an abusive scam, then nobody wants it in his inbox.
As the saying goes: if we wanted to block all spam we could list * . At this point we have some good spam sources and we need to find ways to eliminate false positives.
The best way to do that is to look for domains or IP addresses that one might expect to find in hams, and make sure those are not in the lists. Therefore we try to find records that may have legitimate uses and take them off the lists as errors.
We are not trying to "find every spammer." If we were, we could just list everything we ever find, but then we would have lists that were largely unusable.
I think it's important to share some goals if we are to have meaningful and useful results.
Jeff C. -- "If it appears in hams, then don't list it."
At 14:16 2004-10-03 -0700, Jeff Chan wrote:
On Sunday, October 3, 2004, 8:41:21 AM, Frank Ellermann wrote:
Jeff Chan wrote:
We know the guy behind the site is a piece of brown something.
The question is whether it has legitimate uses. I personally think these sites are mostly abusive scams, but I'd like to know if they have legitimate uses.
Please drop the idea that a site is either white or black. If it's an abusive scam, then nobody wants it in his inbox.
As the saying goes: if we wanted to block all spam we could list
- .
And if we wanted to eliminate all FPs, we could whitelist * .
At this point we have some good spam sources and we need to find ways to eliminate false positives.
The best way to do that is to look for domains or IP addresses that one might expect to find in hams, and make sure those are not in the lists. Therefore we try to find records that may have legitimate uses and take them off the lists as errors.
We are not trying to "find every spammer." If we were, we could just list everything we ever find, but then we would have lists that were largely unusable.
I think it's important to share some goals if we are to have meaningful and useful results.
We did, until obvious spammers started getting whitelisted.
At 05:09 2004-10-02 -0700, Jeff Chan wrote:
On Saturday, October 2, 2004, 4:34:34 AM, Patrik Nilsson wrote:
http://groups.google.com/groups?selm=2b379589.0406081103.7c29a65e%40posting.google.com
http://groups.google.com/groups?selm=2b379589.0406070444.4f892be7%40posting.googl
That's interesting, but that's not the question. We know the guy behind the site is a piece of brown something.
The question is whether it has legitimate uses. I personally think these sites are mostly abusive scams, but I'd like to know if they have legitimate uses.
And I think each and every hit on namesdatabase.com in google groups, not just nanas hits, show that you have to stretch your definition of legitimate use beyond reason for it to include namesdatabase.com.
People being tricked into partaking in scams do not qualify as legit use, even if they don't realize that they are contributing to a scam.
At 06:58 2004-10-02 -0700, Jeff Chan wrote:
Like sendafriend, this site is subject to abuse with an open subscription page, and probably has borderline spammers harvesting and marketing behind it, but since it can get mentioned in hams, I am whitelisting sacredpages.com .
Ok, so now it should be "If it *can* appear in hams, then don't list it.", Not "If it *does" appear..."?
patrik
On Sunday, October 3, 2004, 2:37:45 PM, Patrik Nilsson wrote:
At 14:16 2004-10-03 -0700, Jeff Chan wrote:
I think it's important to share some goals if we are to have meaningful and useful results.
We did, until obvious spammers started getting whitelisted.
Yes, we will miss some spams. That's not the question. The question is do we falsely tag ham and (indirectly) block someone's legitimate message? That's what we want to avoid. That's an error.
At 05:09 2004-10-02 -0700, Jeff Chan wrote:
On Saturday, October 2, 2004, 4:34:34 AM, Patrik Nilsson wrote:
http://groups.google.com/groups?selm=2b379589.0406081103.7c29a65e%40posting.google.com
http://groups.google.com/groups?selm=2b379589.0406070444.4f892be7%40posting.googl
That's interesting, but that's not the question. We know the guy behind the site is a piece of brown something.
The question is whether it has legitimate uses. I personally think these sites are mostly abusive scams, but I'd like to know if they have legitimate uses.
And I think each and every hit on namesdatabase.com in google groups, not just nanas hits, show that you have to stretch your definition of legitimate use beyond reason for it to include namesdatabase.com.
People being tricked into partaking in scams do not qualify as legit use, even if they don't realize that they are contributing to a scam.
It's not our job to tell people they're stupid. If they're using these sites legitimately we don't want to block their mail. They will need to get their own clue. We are not the clue police. ;-)
At 06:58 2004-10-02 -0700, Jeff Chan wrote:
Like sendafriend, this site is subject to abuse with an open subscription page, and probably has borderline spammers harvesting and marketing behind it, but since it can get mentioned in hams, I am whitelisting sacredpages.com .
Ok, so now it should be "If it *can* appear in hams, then don't list it.", Not "If it *does" appear..."?
patrik
To me it's the same. Ham = don't list.
Jeff C. -- "If it appears in hams, then don't list it."
----- Original Message ----- From: "Jeff Chan" jeffc@surbl.org
Ok, so now it should be "If it *can* appear in hams, then don't list
it.",
Not "If it *does" appear..."?
patrik
To me it's the same. Ham = don't list.
I guess we need to come to some kind of consensus on what is the higher priority of SURBL, the potential blocking of legitimate mail or the potential delivery of spam. With that understanding, our process becomes much easier to define. In my mind, I would rather deliver a few spam than block legitimate mail from getting delivered. So with this basic tenant, I would have to lean towards Jeff's listing philosophy. What do others here think?
I know that other URI lists will crop up over time, just like RBLs and RHSBLs have, and some will be more aggressive than SURBL, just like other RBL/RHSBLs are more aggressive than others. I think the paradigm that Jeff is trying to follow with SURBL is the more accurate/less aggressive posturing of something like the SBL RBL list. Whereas others here seem to want something more aggressive, like possibly the SPEWS RBL list, where collateral damage is to be expected.
I think that if some here want a more aggressive listing policy, than they should consider setting up a new URI list, like the UC list maintainers are working on, and define and support a more aggressive listing policy. Then people can gauge their level of tolerance, based on the particular list's reputation, and decide accordingly what lists they what to use.
Just my 2 cents...
Bill
I guess we need to come to some kind of consensus on what is the higher
Sorry... I haven't been reading the list messages as closely as in the past few days as unusual (my computer crashed a few days ago and I've been setting up a new system this weekend)
...but I did catch this message from Bill, and I couldn't help but think "haven't we been here before and didn't we already debate this stuff endlessly and didn't we already come to several fairly strong decisions?"
I think that the basic idea behind SURBL is that we want mail administrators using SURBL to be able to use it in a "set it and forget it mode" there they practically never have to audit it or check behind it and can sleep well at night knowing that the chances of getting a call the next morning from an angry client regarding blocked mail practically never happens with regard to SURBL-blocked mail.
FOR EXAMPLE: That same mail administrator may have OTHER blocking methods that are more aggressive... but he doesn't mind doing more auditing and filter adjustments for these because, even though these may be more likely to have FPs, these (that got past SURBL and whatever conservative RBL checking) represent a rather meager percentage of the total spam blocked. In other words, after 10,000 spams were blocked by SURBL and RBL checking, the mail administrator doesn't mind that his OTHER blocking methods which blocked another 800 messages require some occasional auditing/checking/filter adjusting. He is just thinking, "thank God I don't have worry about that pile of 10,000 messages"
Make sense? Isn't that what we already decided? And isn't Ryan's other list for "UC" where the just-barely-not-listed in SURBL are suppose to go?
Rob McEwen
Rob McEwen wrote to 'SURBL Discussion list':
FOR EXAMPLE: That same mail administrator may have OTHER blocking methods that are more aggressive... but he doesn't mind doing more auditing and filter adjustments for these because, even though these may be more likely to have FPs, these (that got past SURBL and whatever conservative RBL checking) represent a rather meager percentage of the total spam blocked. In other words, after 10,000 spams were blocked by SURBL and RBL checking, the mail administrator doesn't mind that his OTHER blocking methods which blocked another 800 messages require some occasional auditing/checking/filter adjusting. He is just thinking, "thank God I don't have worry about that pile of 10,000 messages"
Make sense? Isn't that what we already decided? And isn't Ryan's other list for "UC" where the just-barely-not-listed in SURBL are suppose to go?
Essentially, yes. UC is not more aggressive *by definition*, but it certainly has the potential to hit on ham, which is why it is, in some ways, fundamentally different than the SURBL philosophy. I.e., it is not a "block list", but more of a "spam sign" list. That's where the divide exists in many of these black/white list discussions. There seem to be camps of people that think in terms of one, or the other, but comparatively few people seem to look at both approaches.
I'm confident, though, that once UC grows to a statistically significant size, the FP rate will nonetheless be quite low indeed.
- Ryan
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Rob McEwen writes:
I guess we need to come to some kind of consensus on what is the higher
Sorry... I haven't been reading the list messages as closely as in the past few days as unusual (my computer crashed a few days ago and I've been setting up a new system this weekend)
...but I did catch this message from Bill, and I couldn't help but think "haven't we been here before and didn't we already debate this stuff endlessly and didn't we already come to several fairly strong decisions?"
I think that the basic idea behind SURBL is that we want mail administrators using SURBL to be able to use it in a "set it and forget it mode" there they practically never have to audit it or check behind it and can sleep well at night knowing that the chances of getting a call the next morning from an angry client regarding blocked mail practically never happens with regard to SURBL-blocked mail.
FOR EXAMPLE: That same mail administrator may have OTHER blocking methods that are more aggressive... but he doesn't mind doing more auditing and filter adjustments for these because, even though these may be more likely to have FPs, these (that got past SURBL and whatever conservative RBL checking) represent a rather meager percentage of the total spam blocked. In other words, after 10,000 spams were blocked by SURBL and RBL checking, the mail administrator doesn't mind that his OTHER blocking methods which blocked another 800 messages require some occasional auditing/checking/filter adjusting. He is just thinking, "thank God I don't have worry about that pile of 10,000 messages"
Yep. bear in mind that many mail admins *are* using high-FP bls like SPEWS, and *don't even realise what that means*.
I know because SpamAssassin's mailing list host is listed in SPEWS ;)
I'm 100% behind Jeff's position here; "set and forget" is the only *useful* mode for a BL, even if that means it doesn't hit 100% of the spam out there.
- --j.
Jeff Chan wrote:
if we wanted to block all spam we could list *
Works in both directions, if you wanted to white list sites with some potential "legitimate use" (and your last message indicated that this includes abusive scams), then you could white list *.
we have some good spam sources and we need to find ways to eliminate false positives.
You have collected some ways in the new listing policy. If you need more ways you could test the PR (it's probably not much better than Alexa, but you could test it with IE - sorry, I can't help you there, I've never implemented the hack to get a PR without IE, I only know that it exists ;-).
We are not trying to "find every spammer."
I know. But sometimes you're apparently trying to find every not-yet-spammer, and for obvious reasons both ways won't work.
we would have lists that were largely unusable.
Yes, there are too many domains to list them all. Just ignore dubious cases until they really show up somewhere. BLs without any FPs are IMHO technically impossible, unless they are empty.
Bye, Frank
On Sunday, October 3, 2004, 3:05:38 PM, Frank Ellermann wrote:
We are not trying to "find every spammer."
I know. But sometimes you're apparently trying to find every not-yet-spammer, and for obvious reasons both ways won't work.
The question is very simple. If a domain could appear in ordinary ham by ordinary users (i.e. not spammers) then we should not list it.
Hopefully we all agree that we don't want to block hams.
we would have lists that were largely unusable.
Yes, there are too many domains to list them all. Just ignore dubious cases until they really show up somewhere. BLs without any FPs are IMHO technically impossible, unless they are empty.
Probably true, but we can still try to reduce FPs.
Jeff C. -- "If it appears in hams, then don't list it."
-
Alex Broens -
Bill Landry -
Bitz -
Frank Ellermann -
Jeff Chan -
jm@jmason.org -
Joe Wein -
Patrik Nilsson -
Rob McEwen -
Ryan Thompson