[SURBL-Discuss] Re: Jeff's whitelists

Jeff Chan jeffc at surbl.org
Sat Jul 17 19:51:18 CEST 2004


On Saturday, July 17, 2004, 5:26:35 PM, Frank Ellermann wrote:
> Jeff Chan wrote:

>> that could easily lead to false positives

> There are no "false positives".

Yes, there could be.  If I mention http://www.spamarrest.com/ in
my message, and spamarrest.com is in a SURBL, then my message
could get blocked.  Similarly any other legitimate mentions of
spamarrests web site, including saying "it's a bad company," or
"I use their services," or "I'm filing a complaint against them,"
for examples, could get legitimate messages blocked.  That is a
classic false positive.

Please remember the URI (message body) false positives are really
in a different category than sender IP or sender domain (message
header/envelope) false positives.  If an end user IP address or
ISP mail server domain is listed in a conventional RBL, the
effect is limited to that IP or sender domain.  If a URI is
listed in a SURBL, the effect could be as large as blocking all
messages that happen to mention that URI, which is potentially
much larger in scope. The potential for wide-reaching false
positives is much greater with a SURBL than an envelope RBL.

> The spamarrest challenges are
> spam, triggered by spam to spamarrest customers, and sent to
> the forged addresses in the original spam.  Spamarrest.com is
> only interested to sell more of their snake oil, and as far as
> I'm concerned it's a criminal organization.

> Complete with "webmaster affiliate program", exactly the same
> kind of marketing you find in XXX sites.  Only the "product" is
> different, it's "spam filtering".  The real work is not done by
> spamarrest, it's done by my ISP and me (for all forged @xyzzy
> addresses), or by your ISP and you (for all forged @surbl.org
> addresses), etc.

> Spamarrest.com "sells" your and my bandwidth + harddisk space
> + time.  There are no "legitimate users" or "false positives",
> it's theft.

All of which is probably true, but not entirely relevant to the
question of inclusion, especially when you agree spamarrest is
not originating the messages purely themselves.  A better answer
may be that they have an abuse problem and should fix it.

Since spamarrest appears to be a legitimate company, I'd
recommend reporting your spams to the relevant state and
national governments' anti-spam folks.  That should encourage
spamarrest to fix their problems.  Here are the Washington
state and U.S. government reporting sites:

  http://www.atg.wa.gov/junkemail/

  <https://rn.ftc.gov/pls/dod/wsolcq$.startup?Z_ORG_CODE=PU01>

>> their design is broken, but having a broken design is not
>> enough reason to list them.

> It's not only "broken", it's fraudulent.  It's no free service,
> their users pay for this design, and what they really pay for
> are _our_ resources.
  
> See also <http://openrbl.org/ip/66/150/163/156.htm> for other
> BL entries for the IP [66.150.163.156] in my example.

As I said, our standards for inclusion are significantly higher
than for conventional RBLs, because URI blocking is potentially
much broader in scope.  We really can't have every domain that's
ever been abused a few times or caused someone to be annoyed in
the lists, even if that would be fine for a personal policy,
since doing so could quickly make the lists unusable for too many
people. 

The informal rule should be: if a given domain has any legitimate
mentions in message body URIs, then it probably should not be
listed.

Jeff C.



More information about the Discuss mailing list