[SURBL-Discuss] Whitelist Please

David B Funk dbfunk at engineering.uiowa.edu
Wed Sep 8 07:16:06 CEST 2004


On Tue, 7 Sep 2004, Justin Mason wrote:

> There's another issue to think about, when you're talking about SURBL
> listings. A domain listed in SURBL may not have anything to do with the
> *sender* of the message; it matches the domains mentioned inside a message
> *that may have been sent by someone else*.
>
> I think this means that the SURBL situation is uniquely different from
> most DNSBLs.   Generally a DNSBL matches against the *sender* of a
> message.  If a sender is listed, their messages and only their messages
> are blocked.
>
> But in the SURBL case, a listing means that their messages, forwarded
> copies of their messages, cut-and-pastes from parts of their messages,
> etc. will also be listed.
>
> This inherently means that for a certain case of borderline domains,
> a listing will result in more FPs even if the original sender has
> spammy tendencies.
>
> - --j.

Yes, but at a deeper level, SURBL is actually a better anti-spam
tool because of that phenomenon. Spammers are a service industry, they
sent out junk because they get paid by somebody else to do so.
(IE just the sending of the crap is not intrinsically valuable, it's
because somebody else finds value in it as an advertising medium).

So each forwarding of a spam message is that much more exposure and
value-add for the actual slime-merchant.

If we can make that reference anathema, then we take away its value
and reduce the effectiveness of that advertising medium, thus reducing
the profit motive. Which ultimately will be the only real way to
stop spam. As long as there's good money to be made in a particular
activity (spam, drugs, smuggling, etc) people will do it, regardless
of how hard it is to do.

This is also why SURBL is useful for blog cleaning, etc. It hits
the references to the slime-merchant's goods.

However Justin, Jeff, et-all are correct. We need to be careful in
how we target this weapon, lest it get branded a loose cannon.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{


More information about the Discuss mailing list