[SURBL-Discuss] Theory about FPs for sites with open subscrip tions

Chris Santerre csanterre at merchantsoverseas.com
Mon Oct 18 16:18:34 CEST 2004



>-----Original Message-----
>From: Jeff Chan [mailto:jeffc at surbl.org]
>Sent: Saturday, October 16, 2004 10:31 AM
>To: 'SURBL Discussion list'
>Subject: Re: [SURBL-Discuss] Theory about FPs for sites with open
>subscriptions
>
>
>On Saturday, October 16, 2004, 6:57:56 AM, Rob McEwen wrote:
>> Recently, a high-profile news web site (ranked about 1,500 
>on alexa.com) had
>> the IP address of the server sending their newsletters blocked by
>> bl.spamcop.net
>
>> I contacted someone from SpamCop and they mentioned that, upon
>> investigation, this site had an "open loop" newsletter subscription.
>
>> Recognizing that open loop subscriptions is a bad policy... 
>this is one of
>> the reasons that, IMHO, SpamCop's RBL is much too aggressive 
>to use for
>> all-or-none, "yes/no" blocking. (Though I do use it for auditing.)
>
>> More importantly, I hope that this kind of stuff does NOT 
>**automatically**
>> get propagated from SpamCop to SURBL? (Though I'm largely 
>unfamiliar with
>> this process.)
>
>The SpamCop RBL and our use of SpamCop's Spmavertised site data
>are totally unconnected, aside from using some of the same
>reports as input data.  Their BL policies have no effect on
>our sc.surbl.org policies.
>
>The problem with these open subscriptions getting onto SURBLs
>is happening on OB, the Outblaze spamtrap SURBL, and WS, the
>manual and some spamtrap SURBL.  That, plus some looking at
>the NANAS reports leads me to think some spamtraps may be
>getting poisoned with these open subscription domains.  The
>poisoning may be deliberate or unintentional, with good
>intentions or bad, but either way most of these open
>subscription sites should not be getting onto our lists since
>many have otherwise legitimate uses.
>
>Obviously open subscriptions are an extremely poor practice
>and open for abuse, but that alone should not be a reason
>to get listed in a SURBL, especially for otherwise legitimate
>industrial/engineering/child protection sites, etc.
>


Perhaps it may be time for WS to have its own spamtraps? Most of you might
already have them. I don't use any. Only what comes into my company. However
a few "one time" aliases that were made for business reasons, I haven't
deleted and they are starting to get spam. 

I just think we might be able to get some nice clean data with some nice new
spamtraps for WS. 

Thoughts?

--Chris


More information about the Discuss mailing list