Wow I just read this :) I'm Top posting so SARE knows who the heck its coming from :)

Not all of SARE is involved in SURBL. We've had to split our time up. I myself have put way more time into SURBL then SARE the last several months. Thankfully those ninjas keep on trucking! (I've got a ruleset in development, I swear!!) :)

There are some test going on with automation of some of the processes. However it does result in a 'few' FPs that we don't like. It is still being tweaked.

Personally I spend about 1-3 hours a day on SURBL, sometimes more. But I go way beyond the simple listing of domains. Researching the data brings forth much more info. Listing domains can be quite fast if you throw out the questionible ones.

The main problem is trust. We simply need to keep SURBL contributors to a choice few. FPs are our enemy, more so then the actual spam :) There are plenty of people we trust, but few who have the time.

I like your solution, but it might be just as easy to add 2 more trusted contributors.

--Chris

-----Original Message----- From: Matthew Wilson [mailto:matthew@boomer.com] Sent: Wednesday, February 09, 2005 9:17 PM To: SURBL Discussion list Subject: Scheduled, Distributed Email Stream Monitoring

For the SARE and SURBL folks -

I would love to decrease the delay between when a spammy URL appears in the message stream and when it's submitted to the WS SURBL gods for blacklisting. Here is an idea that may have been discussed before; if so, just ignore it. :)

Currently, the SARE guys have some kind of rotating schedule of who checks the WS submissions, correct?

Wouldn't it be nice if there were some kind of similar volunteer-based rotating schedule that listed who would be responsible for monitoring the raw message stream and submitting unlisted spam domains? This kind of anonymous schedule handled through rulesemporium.com, and if you had some sort of accountability enforcement.

For instance, each submitter could log in with an account, so the validity of their WS SURBL submissions could be tracked by the SARE folks. If they're submitting a bunch of bogus domains or non-spam domains, their account would be disabled.

Each submitter could sign up for a 15-minute slice of time per week (dividing the week into 672 timeslots), and of course more than 1 submitter could take a timeslot, and each submitter could take more than one timeslot.

Each submitter's "record" (domains successfully submitted and blacklisted) would be *anonymously* available to the public through rulesemporium.com, as a form of reputation incentive.

Benefits:

1. The SURBL community would have the confidence that the

message stream is being monitored by *someone* at all times.

2. Each individual member of the SURBL community would have a higher

incentive to sacrifice some of each's time to submit spammed domains. The higher incentive is the knowledge the the community is (in a sense) depending on them to submit spammed domains within that certain period of time. The additional incentive to report would come from a decent assurance that it is far less likely that someone else is reporting the same domain, and hence it's less likely that any given submission would be a duplicate.

3. WS SURBL's reporting latency would hopefully decrease, because more

people would be submitting.

My Motivation: What prompted me to write this was the fact that some of my customers were complaining that lots of spams were slipping through, so I spent about 30 minutes looking at the false negatives, and all of the domains but 1 of the ones I looked at were not yet listed in SURBL. So I submitted 10-15 domains, and thought to myself... I would do this more often and on a regular schedule if only I knew that others were also willing to sacrifice 15-30 minutes out of their week to the same cause......

Thanks for taking the time to read this suggestion.

Matthew Wilson matthew@boomer.com