After looking at NANAS hits for FPs, in particular the reporting parties and the destination addresses, I have a theory about some of the FPs. I think some anti-spam zealots may be deliberately subscribing spam traps, either their own or third parties' like Outblaze, to sites with open subscriptions. If so, they're probably doing it to draw attention to the fact that the sites have unconfirmed subscriptions.
Or they could be cracker/spammer types trying to use them to poison the spamtrap feeds and therefore diminish the usefulness of data from them. This type of poisoning is a distinct possibility since it would appear that the "spams" (usually subscription newsletters) do appear to come from those sites or senders.
I think we should consider the possibilities that either type of people (or even bots) could be adding otherwise legitimate sites to traps this way. (It would be trivially easy to write a spider to subscribe spamtrap or their own address to open subscription sites, and given some of the repeated reporters in NANAS, someone may have done that.)
Whatever their reasons, we should not fall into this trap and list otherwise legitimate sites just because they have open subscriptions. Doing so probably diminishes the usefulness of SURBLs by increasing false positives.
Comments,
Jeff C. -- "If it appears in hams, then don't list it."
Recently, a high-profile news web site (ranked about 1,500 on alexa.com) had the IP address of the server sending their newsletters blocked by bl.spamcop.net.
I contacted someone from SpamCop and they mentioned that, upon investigation, this site had an "open loop" newsletter subscription.
Recognizing that open loop subscriptions are a bad policy... this is one of the reasons that, IMHO, SpamCop's RBL is much too aggressive to use for all-or-none, "yes/no" blocking. (Though I do use it for auditing.)
More importantly, I hope that this kind of stuff does NOT **automatically** get propagated from SpamCop to SURBL? (Though I'm largely unfamiliar with this process.)
Rob McEwen
On Saturday, October 16, 2004, 6:57:56 AM, Rob McEwen wrote:
> Recently, a high-profile news web site (ranked about 1,500 on alexa.com) had the IP address of the server sending their newsletters blocked by bl.spamcop.net.
> I contacted someone from SpamCop and they mentioned that, upon investigation, this site had an "open loop" newsletter subscription.
> Recognizing that open loop subscriptions are a bad policy... this is one of the reasons that, IMHO, SpamCop's RBL is much too aggressive to use for all-or-none, "yes/no" blocking. (Though I do use it for auditing.)
> More importantly, I hope that this kind of stuff does NOT **automatically** get propagated from SpamCop to SURBL? (Though I'm largely unfamiliar with this process.)
The SpamCop RBL and our use of SpamCop's Spamvertised site data are totally unconnected, aside from using some of the same reports as input data. Their BL policies have no effect on our sc.surbl.org policies.
The problem with these open subscriptions getting onto SURBLs is happening on OB, the Outblaze spamtrap SURBL, and WS, the manual and some spamtrap SURBL. That, plus some looking at the NANAS reports, leads me to think some spamtraps may be getting poisoned with these open subscription domains. The poisoning may be deliberate or unintentional, with good intentions or bad, but either way most of these open subscription sites should not be getting onto our lists since many have otherwise legitimate uses.
Obviously open subscriptions are an extremely poor practice and open for abuse, but that alone should not be a reason to get listed in a SURBL, especially for otherwise legitimate industrial/engineering/child protection sites, etc.
Jeff C. -- "If it appears in hams, then don't list it."
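
The "if it appears in hams, then don't list it" rule discussed in this thread can be applied as a vetting step on trap-derived domains before they reach a list. The sketch below is an added example, not SURBL's, SpamCop's or Outblaze's actual process; the function names, the `min_reporters` threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def hosts(body):
    """Lower-cased hostnames of every http(s) URI in a message body."""
    return {h.lower().rstrip(".") for h in URL_HOST.findall(body)}

def vet_candidates(trap_hits, ham_bodies, min_reporters=2):
    """Split trap-derived hostnames into (listable, held_back).

    trap_hits:  iterable of (trap_or_reporter_id, message_body)
    ham_bodies: iterable of known-good (ham) message bodies
    """
    ham_hosts = set()
    for body in ham_bodies:
        ham_hosts |= hosts(body)

    seen_by = defaultdict(set)          # hostname -> distinct traps/reporters
    for reporter, body in trap_hits:
        for h in hosts(body):
            seen_by[h].add(reporter)

    listable, held_back = [], {}
    for host, reporters in sorted(seen_by.items()):
        if host in ham_hosts:
            # Also arrives in wanted mail: likely an open-subscription
            # newsletter that reached the trap, so do not list it.
            held_back[host] = "appears in ham"
        elif len(reporters) < min_reporters:
            # Assumed heuristic: one trap/reporter alone is weak evidence
            # and is what a deliberately subscribed address looks like.
            held_back[host] = "single reporter"
        else:
            listable.append(host)
    return listable, held_back

# Constructed sample data (reserved example domains, not real reports).
SAMPLE_TRAP_HITS = [
    ("trap-a", "Buy now http://pills.example.net/x"),
    ("trap-b", "Cheap meds http://pills.example.net/y"),
    ("trap-a", "Weekly newsletter http://news.example.org/issue/12"),
    ("trap-b", "Weekly newsletter http://news.example.org/issue/12"),
    ("trap-a", "Hello http://lonely.example.com/"),
]
SAMPLE_HAM = ["Your subscription: http://news.example.org/issue/11"]

if __name__ == "__main__":
    print(vet_candidates(SAMPLE_TRAP_HITS, SAMPLE_HAM))
```

Held-back hostnames are candidates for manual review rather than automatic exclusion, since a ham corpus can itself be incomplete.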