[SURBL-Discuss] RE: Revised DMOZ data, got Wikipedia domains too

Chris Santerre csanterre at merchantsoverseas.com
Fri Oct 8 20:54:06 CEST 2004



>-----Original Message-----
>From: Daniel Quinlan [mailto:quinlan at pathname.com]
>Sent: Friday, October 08, 2004 2:01 PM
>To: Chris Santerre
>Cc: 'Jeff Chan'; SURBL Discuss; SpamAssassin Developers
>Subject: Re: Revised DMOZ data, got Wikipedia domains too
>
>
>Chris Santerre <csanterre at MerchantsOverseas.com> writes:
>
>> I think this is just plain nuts to whitelist all of these! Why? If we
>> don't try to whitelist the most popular sites, then what the heck it
>> the point? We could whitelist millions of legit domains forever. The
>> popular ones are the most important.
>
>The points:
>
>  - whitelisting legitimate domains limits the effectiveness of joe job
>    attacks that result in FPs in various SURBL blacklists
>  - whitelisting could be used as negative points for MAIL FROM if
>    combined with SPF (and more domains is better)

Yeah, but not everyone is using SPF yet. But if they were, sure! 


>
>In addition:
>
>  - I would only whitelist those domains (a) subject to editorial
>    removal (b) so long as their domain registration is old enough and
>    (c) so long as they pass other criteria such as no SBL listing for
>    NS->A.

Yeah date seems to be key in more and more cases. Granted a spammer could
buy one of these older ones, but hasn't happened often enough. 

>  - I would maintain the automated whitelist separately from the human
>    edited whitelist and handle it differently.  For example, perhaps
>    automated whitelist entries can only remove a single blacklist hit
>    (like SpamCop), but to remove two independent blacklist hits, it
>    requires a human decision.
> 

Did you look at the example from the list I gave? It doesn't even have a web
page! Just says testing. I'm all for whitelisting, but popular/useful
domains only. 


>> so: 
>> -1 for adding all those intersected to WL
>> +1 for whitelisting the blacklist hits.
>
>I think there are other options available due to the miracle of
>programming.  ;-)
>

Well like they say around here, "You can't argue with success."

But taking away spam points based on an autowhitelist still makes me
nervous. But you might have a few tricks up your sleeve D.Q. that I don't
know about yet ;)

--Chris


More information about the Discuss mailing list