[SURBL-Discuss] Whitelist discussion

Jeff Chan jeffc at surbl.org
Thu May 13 15:36:40 CEST 2004


On Thursday, May 13, 2004, 9:06:01 AM, William Stearns wrote:
> On Thu, 13 May 2004, Chris Santerre wrote:

>> So what do we do with candidates for whitelists? Also, what do we do with

>         My suggestion is that each of us maintains a file of whitelist 
> domains (I'm defining those as "domains that should never be blacklisted", 
> such as generic ISPs, free web site providers, etc; see my document from a 
> week or so back).  Those whitelists will all be checked as part of Paul's 
> new project.

I'd like to get ahold of any thoroughly checked whitelists to use
to prevent white and grey domains from getting onto SURBLs, so
let's share them if we can do it safely.

>> things that should NOT be whitelisted, but NOT reported as spam? Examples
>> are cacheing services. Which are often used by spammers for images, but
>> legit as well. 

>         Caching services (akamai) and redirectors (msn, yahoo) go in the 
> same category for me; they get whitelisted because they can be used by 
> spam and legitimate mail.

Agreed.  I do the same.

> I juts removed the last vestiges of yahoo's 
> redirectors from the sa-blacklist this morning; I figure that the surbl 
> parsing code needs to handle those; if those packages do their job right, 

> http://rd.yahoo.com/*http://bigspammer.com

>         should show up as a query for bigspammer.com to the surbl lists.
>         I'm maintaining a file of redirector examples and have sent off 
> previous versions of that file to Justin and Erik.

Exactly.  The parsing code needs to find the real spammer domain.
Where it can't or if it queries on the redirectors, we need to
whitelist the redirection sites (actually their domains) to
prevent the redirection sites from being used to tag a message as
spam. 

> http://www.stearns.org/sa-blacklist/redirector-examples.current.txt

Looks good.  I have those on my whitelist:

msn.com
yahoo.com
aol.com
google.ca
free.fr
google.com
ebay.com

>> I think images.exactis.com is one. And of course we have all the akamai.net
>> servers. 

>         I already have exactis.com and akamai.com/akamaitech.net on my 
> whitelist.

Had the akamais on my whitelist, but not exactis.com.  Added.

Jeff C.



More information about the Discuss mailing list