[SURBL-Discuss] general questions.....

Jeff Chan jeffc at surbl.org
Tue Nov 23 22:58:55 CET 2004


On Tuesday, November 23, 2004, 12:25:16 PM, Steven Champeon wrote:
> For me, I'm coming to the point of simply distinguishing between mail
> delivery attempts that occur in the context of abusive behavior (e.g.,
> as part of the same session that tries to deliver to a spamtrap) or has
> so many things wrong with either the remote host (no rDNS, mismatch rDNS
> and HELO, known forged HELO, HELO as blacklisted domain, etc.) or with
> the message itself (missing Message-ID, tracking device header,
> misleading MIME content-type - ie, multipart/mixed with only one part,
> which though legal (!) is a very strong indicator of spam, etc.)

Which is ok for a breadth first approach that you guys take.

But for SURBLs we need that narrowed down to 100% pure spammers
only.  That's probably an impossible task, but that should be
our goal.

> I see a future in which legit mail servers are simply expected to be
> configured within a reasonable bound, and act in reasonably nonabusive
> ways, or else their mail will be rejected. Here, anyway. Unfortunately,
> the spammers will likely simply beat us to it, so even these checks
> become less useful. 

Yeah, it just means the spammers will need to fake or steal
services better.  That's why sender checks are probably less
useful than content checks.

Jeff C.
--
"If it appears in hams, then don't list it."



More information about the Discuss mailing list