Jeff Chan wrote:
The idea is to have a "golden" list that is so accurate (for spams it does identify) and has so few FPs that it would be safe to block outright at the MTA level, for example.
An MTA milter or plugin probably can't determine that from multi alone (i.e. looking at all the lists), so I'm wondering if we can create a list for that purpose out of the existing lists.
SpamAssassin does have "meta" rules. Look at NIGERIAN_BODY4 or UPPERCASE_75_100 in 20_meta_tests.cf.
meta SURBL_3 (URIBL_JP_SURBL + URIBL_AB_SURBL + URIBL_PH_SURBL + URIBL_SC_SURBL + URIBL_WS_SURBL + URIBL_OB_SURBL) > 2 describe SURBL_3 Contains URIs in at least 3 blacklists score SURBL_3 3
True, that would also catch messages with one URI in JP, a different URI in AB, a third URI in OB, and no actual overlap, but that's not very likely...
RE: safe.surbl.org concerns
While I do see the reasoning behind the need for a "golden" list that users can feel **particularly** secure about using in a MTA-like "set it and forget it" type of blocking... I can help but wonder:
(1) Wasn't the original goal of ALL surbl.org to have a low enough FP rate to be able to operate in "set it and forget it" MTA-like blocking mode? (I guess the answer to this question is that Fortune-500 types want a really, really powerful assurance that they can employ SURBL with virtually zero FPs?)
(2) Even so, can I (we) be assured that having a "golden" list like this will NOT diminish our standards with the regular list. In other words, I would like to know that the FP rate of the regular list will at least stay the same (and hopefully continue to improve). I'd hate to see SURBL administrators get "slack" by virtue of thinking "well, if they wanted **that** level of low FPs, they should have used the golden list."
Rob McEwen
On Friday, November 12, 2004, 6:16:48 PM, Rob McEwen wrote:
RE: safe.surbl.org concerns
While I do see the reasoning behind the need for a "golden" list that users can feel **particularly** secure about using in a MTA-like "set it and forget it" type of blocking... I can help but wonder:
(1) Wasn't the original goal of ALL surbl.org to have a low enough FP rate to be able to operate in "set it and forget it" MTA-like blocking mode? (I guess the answer to this question is that Fortune-500 types want a really, really powerful assurance that they can employ SURBL with virtually zero FPs?)
Yes, but it seems really difficult to achieve perfection in any given list.
This is a proposal for some experiments to see if we can derive a "carrier grade" list, as Carl Friend called it off list, from some of the existing data. Haven't picked any names yet.
(2) Even so, can I (we) be assured that having a "golden" list like this will NOT diminish our standards with the regular list.
Yes, we will not be dumping a bunch of grey entries into any of the existing lists.
In other words, I would like to know that the FP rate of the regular list will at least stay the same (and hopefully continue to improve).
Yes, that's what should happen. The FPs per existing list should remain stable or be further improved. That remains a goal.
I'd hate to see SURBL administrators get "slack" by virtue of thinking "well, if they wanted **that** level of low FPs, they should have used the golden list."
I agree. We should not let that happen. As far as I'm concerned our biggest challenge is reducing FPs. We're already doing a good job of catching spam.
Jeff C. -- "If it appears in hams, then don't list it."
-
Jeff Chan -
Rich Graves -
Rob McEwen