[SURBL-Discuss] Proposing a greylist

John Lundin lundin at cavtel.net
Fri Sep 3 10:50:25 CEST 2004


On Fri, Sep 03, 2004 at 08:27:10AM -0400, Rob McEwen wrote:
> Finally, another reason for this greylist, as I and Chris have pointed out
> in the past, is that spammers will try to circumvent SURBL in the future by
> providing some little legit service "on the side". Certainly, it would be
> good to keep these types "on a short lease". If we ONLY do what we have been
> doing so far, the is a big loophole in SURBL.

>From my perspective, this is the compelling reason to have another
list. I'm interested in not missing the URIs that actively appear in
spam with occasional appearance in ham, but want to depend on very few
false positives out of WS.

Maybe there should be a dark multi, with one bit for confirmed
spammers with some ham, and another for early warning entries.
It would be nice to be able to evaluate them separately.

As an analog, SARE splits some rulesets (genlsubj, html, header) into
`categories of "hit ONLY spam", "have hit ham", and "hit a significant
amount of ham." You can choose your level of safety and effectiveness.
(If you want to get fancy, encode a confidence level. Two bits? ;-) )


More information about the Discuss mailing list