[SURBL-Discuss] BigEvil + MidEvil as SURBL
Jeff Chan
jeffc at surbl.org
Wed Apr 21 17:08:17 CEST 2004
On Wednesday, April 21, 2004, 3:16:12 PM, Simon Byrnand wrote:
> At 09:49 22/04/2004, you wrote:
>> >> > 1) BigEvil wildcards. Not sure how you would handle these.
>> >> Something like
>> >> > evil\d{2,4}spam\.com is a general wildcard. Some of those
>> >> domains don't even
>> >> > exhist. Not sure how SURBL will handle that.
>> >>
>> >> Yes, I should have mentioned that I'm simply discarding them.
>> >> Unfortunately there's no easy way to deal with them. Domains
>> >> without any patterns in them, which are a majority, come right
>> >> through. The script is at:
>>
>> > Can we make sure that when you announce this to the public that they know
>> > this! :)
>> > I can see the flurry of emails now.
> Right near the top of
> http://spamcheck.freeapp.net/bigevil.domains.afterwhitelist there is
> 123-ebiz - is that a mistake or parsing error ?
Good eye. I think that may be a bug in the original BigEvil.cf
rules for Chris to fix since it fell right out of the
expand_regex.pl that way: 123\-ebiz (i.e. without a TLD). For
now I'll stop it from getting into the RBLs with a manual
whitelist, though it likely hurts nothing to have it in there.
>>But frankly I like the fact that there is some overlap in the
>>lists. In a sense that represents multiple reporting; i.e.
>>a domain in more than one list is more likely a bad guy.
>>I don't think we should lose that coding.
>>
>>YMMV, but I'd say keep any overlap in BE. It's a feature not
>>a bug.
> I think so too. What some people suggesting merging are forgetting, is with
> lists with totally different sources, that whether a given URL is listed in
> one two or three of the lists IS an extra piece of information, something
> listed in all three is more likely to be correct than one listed on only
> one of the lists.
> The SA approach of assigning a score to each list based on it's relative
> merits, and the scores ADDING if they're in multiple lists seems to be a
> sensible approach to me...
We can merge the lists in a way to preserve the fact that the
entries came from multiple lists. That's what the bitmasked
single A record versus multiple A record discussion was about.
> Of course there is nothing to stop you having merged lists available AS
> WELL for those that are willing to take the risk of one higher scoring
> merged list...with choice, everyone is happy ;)
> By the way, am I jumping the gun here or is be.surbl.org ready to go, or
> should I wait a bit ? :)
It's pretty much ready. We got good feedback from Chris
Santerre. I need to update the web site and announce it.
Still waiting to hear back from some of the secondary DNS
admins....
Jeff C.
More information about the Discuss
mailing list