Wow I just read this :) I'm Top posting so SARE knows who the heck its
coming from :)
Not all of SARE is involved in SURBL. We've had to split our time up. I
myself have put way more time into SURBL then SARE the last several months.
Thankfully those ninjas keep on trucking! (I've got a ruleset in
development, I swear!!) :)
There are some test going on with automation of some of the processes.
However it does result in a 'few' FPs that we don't like. It is still being
tweaked.
Personally I spend about 1-3 hours a day on SURBL, sometimes more. But I go
way beyond the simple listing of domains. Researching the data brings forth
much more info. Listing domains can be quite fast if you throw out the
questionible ones.
The main problem is trust. We simply need to keep SURBL contributors to a
choice few. FPs are our enemy, more so then the actual spam :) There are
plenty of people we trust, but few who have the time.
I like your solution, but it might be just as easy to add 2 more trusted
contributors.
-----Original Message-----
From: Matthew Wilson [mailto:matthew@boomer.com]
Sent: Wednesday, February 09, 2005 9:17 PM
To: SURBL Discussion list
Subject: Scheduled, Distributed Email Stream Monitoring
For the SARE and SURBL folks -
I would love to decrease the delay between when a spammy URL appears in
the message stream and when it's submitted to the WS SURBL gods for
blacklisting. Here is an idea that may have been discussed before; if
so, just ignore it. :)
Currently, the SARE guys have some kind of rotating schedule of who
checks the WS submissions, correct?
Wouldn't it be nice if there were some kind of similar volunteer-based
rotating schedule that listed who would be responsible for monitoring
the raw message stream and submitting unlisted spam domains? This kind
of anonymous schedule handled through rulesemporium.com, and if you had
some sort of accountability enforcement.
For instance, each submitter could log in with an account, so the
validity of their WS SURBL submissions could be tracked by the SARE
folks. If they're submitting a bunch of bogus domains or non-spam
domains, their account would be disabled.
Each submitter could sign up for a 15-minute slice of time per week
(dividing the week into 672 timeslots), and of course more than 1
submitter could take a timeslot, and each submitter could take
more than
one timeslot.
Each submitter's "record" (domains successfully submitted and
blacklisted) would be *anonymously* available to the public through
rulesemporium.com, as a form of reputation incentive.
Benefits:
- The SURBL community would have the confidence that the
message stream
is being monitored by *someone* at all times.
- Each individual member of the SURBL community would have a higher
incentive to sacrifice some of each's time to submit spammed domains.
The higher incentive is the knowledge the the community is (in a sense)
depending on them to submit spammed domains within that certain period
of time. The additional incentive to report would come from a decent
assurance that it is far less likely that someone else is reporting the
same domain, and hence it's less likely that any given submission would
be a duplicate.
- WS SURBL's reporting latency would hopefully decrease, because more
people would be submitting.
My Motivation:
What prompted me to write this was the fact that some of my customers
were complaining that lots of spams were slipping through, so I spent
about 30 minutes looking at the false negatives, and all of the domains
but 1 of the ones I looked at were not yet listed in SURBL. So I
submitted 10-15 domains, and thought to myself... I would do this more
often and on a regular schedule if only I knew that others were also
willing to sacrifice 15-30 minutes out of their week to the same
cause......
Thanks for taking the time to read this suggestion.
Matthew Wilson
matthew@boomer.com
Chris Santerre
Jeff Chan