[SURBL-Discuss] general questions.....

Jeff Chan jeffc at surbl.org
Thu Nov 25 01:35:09 CET 2004

On Wednesday, November 24, 2004, 7:14:05 AM, Chris Santerre wrote:
>>From: Jeff Chan [mailto:jeffc at surbl.org]

>>> We have seen numerous times a legit company sending a newsletter to a
>>> spamtrap. Numerous reasons and excuses. But they never would have known
>>> about it if they were not listed. And I think if they send to a spamtrap we
>>> have a right to list. Regardless of how legit, it is a wakeup call because
>>> obviously something went wrong to send to a spamtrap.
>>IMO, It's not our job to "educate" legitimate companies about
>>how to use email.

> Whose job is it?  That line scares me. You want to solve the spam problem?
> You can't do that with a narrow net.

The main purpose of SURBLs is to catch the most-abusive,
highest-volume, criminal spammers who are using zombies
to send millions of pill, mortgage, warez, porn, gambling, etc.
spams per minute or whatever.  It's not to catch Marshall Fields,
Capital One, Citibank, L.L. Bean, etc.

SURBLs are the narrow net to catch the otherwise uncatchable
spammers who have found ways around conventional RBLs,
linguistic analysis, Bayes, hashes, etc.

Project Honeypot may end up putting some of the harvesters
and their customers in prison.  That may include some
crypto-legitimate spammers who do mostly legitimate mailings
and dabble in illegal harvested spamming on the side.  They
and Ralsky or whoever buys harvested addresses can all be
cellmates in Federal prison for all I care.  Actually it
may be more entertaining if their cellmates were Mongo
and his friends.

> You must fight war on all fronts. You
> educate the legit users on what not to do. This has been all over the news
> recently. Everyone thinks everyone else is a spammer, but not them.

SURBLs are not the tool to do that:

1.  We don't want to catch every spam.
2.  We want to catch every spam that has URIs that don't get
mentioned in ordinary ham.

Say Citibank started using harvested addresses (and liked
prison food), or hired zombie users to deliver their mail.
Should we then list Citibank?  I don't think so since some
people might still want to get their legitimate banking
notices, etc.  Say someone sends spams that mention microsoft.com
and they hit some spamtraps.  Should we list Microsoft?  I kind
of doubt it.  The same principle applies to other legitimate
organizations, including some we may not personally know.

Repeat after me: We don't want to catch every spam.....  ;-)

> I'm also VERY surprised at your comment. More than a few times YOU have
> educated people who have contacted us for removal from SURBL. 

Yes, but most of them should not have been added in the first

>>We want to list as many true spammer domains
>>as we can find and also prevent legitimate domains from being

> Again, legit? Once ANY company hits a spamtrap, IMHO, they are no longer
> legit.

A global, set-it-and-forget-it black list has a different goal:
to list only pure spammer domains.  We've been over this before.

I guess some spam fighters are so focussed on catching every
possible spam that they sometimes forget what we're trying to do.

> Not until they find out how they hit that trap. Possibly they
> purchased, as in gave money to a spammer, a list. With education, they will
> NOT do that again. Thus reducing income for spammers. Possibly they have an
> exploitable web subscription form? How the hell would they know unless
> someone tells them?

>>The goal with a greylist should be to cast a wider net but
>>to eventually filter those down to some truly black entries
>>that can be listed more broadly on full blacklists.

> My goal is to stop spam. Using any method. Education is probably THE biggest
> way to do this.  Imagine if all the clueless users suddenly could spot 100%
> of spam emails, and NOT fall for them. Problem solved. 

> It's the whole teach a man to fish thing. And I'm not rehashing the argument
> about SURBL. I clearly state I DO NOT list what I want to list. I list what
> makes Jeff happy :) 

Then educate them with UC, not SURBLs.

Jeff C.
"If it appears in hams, then don't list it."
