[SURBL-Discuss] Re: Jeff's whitelists

Jeff Chan jeffc at surbl.org
Fri Jul 16 02:16:57 CEST 2004


On Thursday, July 15, 2004, 7:43:56 PM, Frank Ellermann wrote:
> Jeff Chan wrote:

>  [spamarrest.com]
>> Why would a nominally antispam company spam people?

> That's a C/R system on the surface.  I've got dozens of
> challenges from this orgaization, all spamming for their
> "services" (= C/R) incl. affiliate and Webmaster programs.

> The "confirmations" are picture puzzles (like UOL etc.),
> but very often they don't work, so I'm not sure whose
> pictures they use.  Maybe they are stolen and abused to
> create spammer accounts elsewhere, it won't surprise me.

Interesting.  I've not gotten a spam from them so I don't
have any specific examples.  Maybe you could forward one to me
off list and explain how you think they got your address.  I see
two SpamCop reports about them currently.  They may be one of
those gray domains that we might not want blocking on.  Right
now I don't have enough information to say one way or the other.

> Please stop to whitelist dubious organizations based on
> vague criteria like "publicly listed, subject to laws".

Actually it's pretty specific and not vague.  In practice
sc.surbl.org gets very few whitelist hits of any kind, and
as a percentage of records per list, the whitelist hits for the
other lists are very minor.  I'm pretty confident that we're
mostly catching the bad guys and not catching the good guys,
though I'm always interested in specific counterexamples.

> With that policy you would whitelist "via gra", because it
> is a product of Pfizer.com ("publicly listed").

pfizer.com is whitelisted.  Via gra is not a company so
it's not.  In any case the legitimate drug makers and their
products are much less of a problem than the actual
pharmaspammers.

> Or you
> would whitelist CAN-SPAM spam ("subject to laws").

I agree many of the CAN-SPAM policies are broken.
Where they are broken we will probably not whitelist.
(Nor are we attempting to whitelist CAN-SPAM activity;
generally we let the data speak for itself.)

Jeff C.



More information about the Discuss mailing list