Two more FPs in WS.
ientryMUNGEDmail.com
The domain is used for mailing list management by the ientry network, we have several confirmed legit subscribers to their WebProNews, newsletter.
siteproMUNGEDnews.com
Once again several confirmed subscribers, mainly web designers or people who have used their submission services.
Bayes training fixes any problems at my end, or I could locally whitelist, however they shouldn't be listed in WS :-) Both have valid unsubscribe options.
Interesting reading comments about FPs over the last week. I think because of the global ramifications of these lists we need to make sure that spam is definately spam and borderline is excluded from listings.
Otherwise the lists just become personal preferences of what we want to see in our mailboxes!!
Regards,
Joseph
On Monday, August 16, 2004, 6:53:07 PM, Joseph Burford wrote:
Two more FPs in WS.
ientryMUNGEDmail.com
The domain is used for mailing list management by the ientry network, we have several confirmed legit subscribers to their WebProNews, newsletter.
siteproMUNGEDnews.com
Once again several confirmed subscribers, mainly web designers or people who have used their submission services.
Thanks. I've whitelisted them both in SURBLs (plus some related domains like ientry.com/.net and ezinehub.com), but need to ask the WS folks to trace them back and try to eliminate these if there is a class of them.
Bayes training fixes any problems at my end, or I could locally whitelist, however they shouldn't be listed in WS :-) Both have valid unsubscribe options.
Agreed.
Interesting reading comments about FPs over the last week. I think because of the global ramifications of these lists we need to make sure that spam is definately spam and borderline is excluded from listings.
Agreed.
Otherwise the lists just become personal preferences of what we want to see in our mailboxes!!
Agreed.
We need to keep the borderline cases and any domains and IPs with legitimate uses OFF the lists. We're having good success catching the hard core spammers. Everyone please remember that we need to bias the process towards keeping even partially legitimate entries off the lists.
Jeff C. __
Regards,
Joseph _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
Jeff C.
on Mon, Aug 16, 2004 at 09:47:02PM -0700, Jeff Chan wrote:
We need to keep the borderline cases and any domains and IPs with legitimate uses OFF the lists. We're having good success catching the hard core spammers. Everyone please remember that we need to bias the process towards keeping even partially legitimate entries off the lists.
Got any stats on how many times a domain has to be reported before it has a very low chance of being seen as a FP?
On Monday, August 16, 2004, 10:01:07 PM, Steven Champeon wrote:
on Mon, Aug 16, 2004 at 09:47:02PM -0700, Jeff Chan wrote:
We need to keep the borderline cases and any domains and IPs with legitimate uses OFF the lists. We're having good success catching the hard core spammers. Everyone please remember that we need to bias the process towards keeping even partially legitimate entries off the lists.
Got any stats on how many times a domain has to be reported before it has a very low chance of being seen as a FP?
I don't have stats. IMO the first FP report is too many, and it probably means there are other similar FPs not being reported.
I know that probably sounds a little unreasonable, but I'd like to inculcate a shift in mindset when thinking about SURBLs.
We're not trying to block every last spam, only the pure, professional spammers. That's a very different mindset from the typical spam-fight, but absolutely necessary if we're going to have SURBLs widely used and adopted. We can't list entries that have legitimate uses.
Jeff C.
on Tue, Aug 17, 2004 at 12:05:26AM -0700, Jeff Chan wrote:
On Monday, August 16, 2004, 10:01:07 PM, Steven Champeon wrote:
on Mon, Aug 16, 2004 at 09:47:02PM -0700, Jeff Chan wrote:
We need to keep the borderline cases and any domains and IPs with legitimate uses OFF the lists. We're having good success catching the hard core spammers. Everyone please remember that we need to bias the process towards keeping even partially legitimate entries off the lists.
Got any stats on how many times a domain has to be reported before it has a very low chance of being seen as a FP?
I don't have stats. IMO the first FP report is too many, and it probably means there are other similar FPs not being reported.
No, no - I mean, can we determine whether a domains is less likely to be considered an FP if multiple people report it? Therefore, scale according to the weight given the reports?
I know that probably sounds a little unreasonable, but I'd like to inculcate a shift in mindset when thinking about SURBLs.
We're not trying to block every last spam, only the pure, professional spammers. That's a very different mindset from the typical spam-fight, but absolutely necessary if we're going to have SURBLs widely used and adopted. We can't list entries that have legitimate uses.
Yes, I understand. That's why I haven't bothered to report delta.com, even though they're a bunch of incompetent spambags. But I also cannot take the time to maintain separate lists of domains - one for header blocking and another for body blocking - nor can I segregate my one list (now at ~139K domains) into two. So when I report, I'm almost always reporting domains I'm going to block either in the body or headers.
On the other hand, I /don't/ blacklist domains I think might show up in legit mail, anyway, even if I want to. My goal is to keep out the scumbags and reduce my FP rate on quarantined mail.
On Tue, 17 Aug 2004, Steven Champeon wrote:
----snip----
Got any stats on how many times a domain has to be reported before it has a very low chance of being seen as a FP?
I don't have stats. IMO the first FP report is too many, and it probably means there are other similar FPs not being reported.
No, no - I mean, can we determine whether a domains is less likely to be considered an FP if multiple people report it? Therefore, scale according to the weight given the reports?
----snip---
The AbuseButler data seems to have had a fairly low FP rate in large part because it is based on weighted reporting. Only the most frequently reported domains make it onto the list. It isn't perfect and there have been some FPs (mainly on very popular brand name domains that are misreported and get past whitelisting). If other folks want to pass along their URI hits to help improve the volume ratings feel free to drop me a line. At the moment weighted SpamCop data is still the largest source of data, but private trap data volume is growing.
-- Andy Warner andy@andy.net http://spamvertised.abusebutler.com/
On Tuesday, August 17, 2004, 8:25:31 AM, Andy Warner wrote:
The AbuseButler data seems to have had a fairly low FP rate in large part because it is based on weighted reporting. Only the most frequently reported domains make it onto the list. It isn't perfect and there have been some FPs (mainly on very popular brand name domains that are misreported and get past whitelisting). If other folks want to pass along their URI hits to help improve the volume ratings feel free to drop me a line. At the moment weighted SpamCop data is still the largest source of data, but private trap data volume is growing.
The data in sc.surbl.org is also weighted based on number of reports. (You and I came up with very similar solutions for handling the SpamCop data.)
But the WS list source data does not always have this "spam volume" data behind it. In some cases, the source data are just singular lists with no counts of how often they appeared in spam. So weighting is probably not available across all of the WS data.
I agree it's a useful concept though. I think of it as a form of voting
Jeff C.
On Mon, 23 Aug 2004 02:10:07 -0700, Jeff Chan jeffc@surbl.org wrote:
But the WS list source data does not always have this "spam volume" data behind it. In some cases, the source data are just singular lists with no counts of how often they appeared in spam. So weighting is probably not available across all of the WS data.
I think if a generic enough tracking and listing system was developed WS contributors could all submit using it. I realise this may be a lot of work to create, but it would surely become a very useful tool for all inds of abuse desks everywhere..
I've long dreamed of a system which has an inbound "queue" of messages which I can reate rules against, hit refresh and see how many of the messages would get through, then move on the create rules (read SURBL listings) against the next message until no more messages in the inbound queue exist.
Just an idea, unfortunately I'm not the worlds most gifted developer or I'd do it myself.
On Tuesday, August 17, 2004, 8:15:45 AM, Steven Champeon wrote:
can we determine whether a domains is less likely to be considered an FP if multiple people report it? Therefore, scale according to the weight given the reports?
That's an interesting idea, but so far as I'm aware we have not gotten multiple reports about any given FP domain yet. As with most things, FPs are probably underreported. IMO Our focus should be on keeping FPs out of the data in the first place.
Jeff C.
On Monday, August 16, 2004, 6:53:07 PM, Joseph Burford wrote:
Two more FPs in WS.
ientryMUNGEDmail.com
The domain is used for mailing list management by the ientry network, we have several confirmed legit subscribers to their WebProNews, newsletter.
siteproMUNGEDnews.com
Once again several confirmed subscribers, mainly web designers or people who have used their submission services.
Judging by NANAS records in google, it looks like webpronews.com and sitepronews.com may respectively be now a spammer and a spammer. I wonder if you can explain if you feel there's any connection between these, given that you mentioned them together in the same message.
Jeff C.
[s/now/not/]
On Monday, August 16, 2004, 6:53:07 PM, Joseph Burford wrote:
Two more FPs in WS.
ientryMUNGEDmail.com
The domain is used for mailing list management by the ientry network, we have several confirmed legit subscribers to their WebProNews, newsletter.
siteproMUNGEDnews.com
Once again several confirmed subscribers, mainly web designers or people who have used their submission services.
Judging by NANAS hits in google, it looks like webpronews.com and sitepronews.com may respectively be not a spammer and a spammer. I wonder if you can explain if you feel there's any connection between these, given that you mentioned them together in the same message.
Jeff C.
-
Andy Warner -
David Hooton -
Jeff Chan -
Joseph Burford -
Steven Champeon