[SURBL-Discuss] general questions.....

Steven Champeon schampeo at hesketh.com
Wed Nov 24 15:47:56 CET 2004

on Tue, Nov 23, 2004 at 01:58:55PM -0800, Jeff Chan wrote:
> On Tuesday, November 23, 2004, 12:25:16 PM, Steven Champeon wrote:
> > For me, I'm coming to the point of simply distinguishing between mail
> > delivery attempts that occur in the context of abusive behavior (e.g.,
> > as part of the same session that tries to deliver to a spamtrap) or has
> > so many things wrong with either the remote host (no rDNS, mismatch rDNS
> > and HELO, known forged HELO, HELO as blacklisted domain, etc.) or with
> > the message itself (missing Message-ID, tracking device header,
> > misleading MIME content-type - ie, multipart/mixed with only one part,
> > which though legal (!) is a very strong indicator of spam, etc.)
> Which is ok for a breadth first approach that you guys take.
> But for SURBLs we need that narrowed down to 100% pure spammers
> only.  That's probably an impossible task, but that should be
> our goal.

Yeah, I understand that completely.
> > I see a future in which legit mail servers are simply expected to be
> > configured within a reasonable bound, and act in reasonably nonabusive
> > ways, or else their mail will be rejected. Here, anyway. Unfortunately,
> > the spammers will likely simply beat us to it, so even these checks
> > become less useful. 
> Yeah, it just means the spammers will need to fake or steal
> services better.  That's why sender checks are probably less
> useful than content checks.

I dunno - with 50 million (or more) zombies out there? Sender checks
are going to be useful for a good long time. As long as we can keep the
fixed-netblock spammers in check with DNSBLs like SBL we'll do well.

join us!   http://hesketh.com/about/careers/web_designer.html       join us! 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!

More information about the Discuss mailing list