[SURBL-Discuss] SURBL WS test scores in SA 3.0

Alex Broens surbl at alexb.ch
Sun Aug 29 14:19:46 CEST 2004


----- Original Message ----- 
From: "Jeff Chan" <jeffc at surbl.org>
To: "SURBL Discussion list" <discuss at lists.surbl.org>
Sent: Sunday, August 29, 2004 11:15 AM
Subject: Re: [SURBL-Discuss] SURBL WS test scores in SA 3.0


> On Sunday, August 29, 2004, 1:41:43 AM, Alex Broens wrote:
> > From: "Raymond Dijkxhoorn" <raymond at prolocation.net>
>
> >> > For example, obviously, there are going to be many Fortune 500 companies who
> >> > will get away with the worst kinds of harvesting of e-mails from web sites
> >> > for spamming. Surely, most of the time, their legal departments will prevent
> >> > this because their "deep pockets" cannot afford to pursue such risky
> >> > business practices. But in the event that one DOES do this, we would
> >> > obviously not want to include them in SURBL, even with their bad behavior.
> >>
> >> What are your thoughts about leveling the lists, so for example we can
> >> make a new evil.surbl.org, where we also state 'don't use this at home,
> >> unless...' then we can shift those 'grey area domains' to the new list and
> >> we all can be happy.
> >>
> >> There will be more and more trying to be gray, and it's not like a hardcore
> >> spammer can send out 1 legit mailing and be whitelisted all at once...
>
> > Supported.... I'd even say ws.surbl.org should be this list..... and let
> > spamcop and the rest be more lenient.
> > Adding another list would probably just complicate the choice, while making
> > ws. (if Bill approves) the more strict list, users have the choice to set
> > their score accordingly.
>
> I disagree.  Making lists overly inclusive and increasing the
> false positives is how many anti-spam efforts fail.  We
> should stay focussed on catching the hard core spammers
> since they are responsible for most of the abuse.

Jeff,
If you have 25k users....... see 15k of each spam flood and the user base is
totally mixed then does that come from "hard core" spammers?

- Zombies or fixed IP? imho it's irrelevant.
- Who defines "most abuse" & how?
- There are spammers who have been around for years, from fixed IPs and
although they're so-called "whitehats", business with a reputation and an
attitude (Dell?) and users report that no matter what you do, an opt-out
isn't respected....

> Also anyone not using zombies can be easily blocked with
> conventional RBLs at a vastly lower computational cost.

Dunno..... In the last few days I've seen trash coming from dialups which
weren't in any RBL. Only a fast entry in my local SURBL zone stopped the
flood from reaching more than a couple of users.
(1 minute update)

> There really isn't much point in adding anyone who sends
> spam from fixed IP addresses since they are dropped so
> much easier and faster with a regular RBL.

IF they ever make it to an RBL. My thought is that they should complement
each other. Lots of stuff from fixed IPs never makes it to Spamcop or
Spamhaus if nobody reports it. They're not any better than SURBL or the
other way round.

If you use Spamcop intensely, depending where you're based and what your
user base is like, you'd be in trouble.
Same "could" apply for SURBL. None will ever be the perfect solution, both
will do magic if used correctly.

An admin filtering for an Austria based old ppl's home will hardly get a
false positive from SURBL or Spamcop, while a US ISP will.

Oh well... politics... the more of them happening, the faster heads get
heated up or small parties get formed.
Will personally keep on reporting and hope my judgement doesn't cause
anybody grief, and if it would, just kick me out.

Let's all enjoy Sunday and a great Formula 1 race in Belgium :-)

Alex



