-----Original Message----- From: Bill Landry [mailto:billl@pointshare.com] Sent: Friday, October 08, 2004 3:06 PM To: SURBL Discussion list Subject: Re: [SURBL-Discuss] RE: Revised DMOZ data, got Wikipedia domains too
----- Original Message ----- From: "Chris Santerre" csanterre@merchantsoverseas.com
I think this is just plain nuts to whitelist all of
these! Why? If we
don't try to whitelist the most popular sites, then what
the heck it
the point? We could whitelist millions of legit domains
forever. The
popular ones are the most important.
The points:
- whitelisting legitimate domains limits the
effectiveness of joe job
attacks that result in FPs in various SURBL blacklists
- whitelisting could be used as negative points for MAIL FROM if combined with SPF (and more domains is better)
Yeah, but not everyone is using SPF yet. But if they were, sure!
In addition:
- I would only whitelist those domains (a) subject to editorial removal (b) so long as their domain registration is old
enough and
(c) so long as they pass other criteria such as no SBL
listing for
NS->A.
Yeah date seems to be key in more and more cases. Granted a
spammer could
buy one of these older ones, but hasn't happened often enough.
- I would maintain the automated whitelist separately
from the human
edited whitelist and handle it differently. For
example, perhaps
automated whitelist entries can only remove a single
blacklist hit
(like SpamCop), but to remove two independent blacklist hits, it requires a human decision.
Did you look at the example from the list I gave? It doesn't
even have a web
page! Just says testing. I'm all for whitelisting, but popular/useful domains only.
so: -1 for adding all those intersected to WL +1 for whitelisting the blacklist hits.
I think there are other options available due to the miracle of programming. ;-)
Well like they say around here, "You can't argue with success."
But taking away spam points based on an autowhitelist still makes me nervous. But you might have a few tricks up your sleeve D.Q.
that I don't
know about yet ;)
If the whitelist is setup as a SURWL, for example, using it or not would be an option to each individual mail administrator. And the negative weight applied to reduce the score would be totally dependant on the discretion of the SURWL user.
True, and having the option is good. Having the work overhead to do that on top of doing the blacklists is not. And the logic stands if it ain't blacklisted, it must be good ;)
--Chris
----- Original Message ----- From: "Chris Santerre" csanterre@merchantsoverseas.com
But taking away spam points based on an autowhitelist still makes me nervous. But you might have a few tricks up your sleeve D.Q.
that I don't
know about yet ;)
If the whitelist is setup as a SURWL, for example, using it or not would be an option to each individual mail administrator. And the negative weight applied to reduce the score would be totally dependant on the discretion of the SURWL user.
True, and having the option is good. Having the work overhead to do that
on
top of doing the blacklists is not. And the logic stands if it ain't blacklisted, it must be good ;)
Yes, but I was thinking of the lists that Jeff was coming up with from wikipedia and dmoz, and other lists like that, that he was thinking about adding to the "absolute" whitelist. I just think they would be better suited to a SURWL list and let people decide whether they want to use it or not, and if so, what kind of points they want to deduct from the score. This I feel is a better solution than having them added to an "absolute" whitelist and having no control over the matter, except to build local white/black lists.
Bill