[SURBL-Discuss] SURBL WS test scores in SA 3.0

Jeff Chan jeffc at surbl.org
Sun Aug 29 06:21:43 CEST 2004


On Sunday, August 29, 2004, 4:19:46 AM, Alex Broens wrote:
> - Zombies or fixed IP? imho it's irrelevant.

No it's very relevant.  Any spam that comes from a fixed IP can
be blocked on a local or global RBL.

SURBLs are most useful to catch the ones that can't be caught
that way due to zombies, etc.

> - Who defines "most abuse" & how?

Mainly the spammers do, by their own actions.  Clearly breaking
into someone's (insecure) computer and stealing services and
bandwidth from it are abusive.  Clearly sending 10,000 spams
to get 1 through the filters is abusive.  Those most highly
abusive ones are the most important to catch.  It's made
important simply by their high level of abuse, if nothing else
was even considered.

> - There are spammers who have been around for years, from fixed IPs and
> although they're so-called "whitehats", business with a reputation and an
> attitude (Dell?)  and users report that no matter what you do, an opt-out
> isn't respected....

So blacklist them locally or personally.  We could never list
dell.com because many people might mention them in legitimate
emails. 

Sometimes I wonder if people understand this new paradigm.  ;-)

> Dunno..... In the last few days I've seen trash coming from dialups which
> weren't in any RBL. Only a fast entry in my local SURBL zone stopped the
> flood from reaching more than a couple of users.
> (1 minute update)

Anything coming from zombied dialups is probably the kind of spam
we want to list in SURBLs since there's already theft involved,
though I'd still argue IP based RBLs would do it much more
efficiently.  RBLs are probably still a better solution, i.e.
update the dialup RBLs to have the correct dialup pools.

Also I doubt that Dell uses zombied dialups to deliver their mail.

> An admin filtering for an Austria based old ppl's home will hardly get a
> false positive from SURBL or Spamcop, while a US ISP will.

We need to be conservative in listing.  It's much better to
be able to provide an ISP or telco-grade solution that the
old people's home can feel comfortable with than have a
solution no-one can be comfortable with due to too many FPs.

Jeff C.


