[SURBL-Discuss] Whitelist Please

Frank Ellermann nobody at xyzzy.claranet.de
Thu Sep 9 23:49:41 CEST 2004

Jeff Chan wrote:

 [Seth Breidbart]
> note there is no H in the name

Oops, sorry, I checked only the wrong version with Google,
completely stupid, for the correct spelling I should have
used the link in my signature.

> It's interesting, but probably does not apply in the mail
> spam area directly.

Yes, it's only the principle which is interesting, use some
simple and objective criteria as far as possible.  You have
already some good algorithms like "domains inherit the values
known for other domains with the same IP".

That's the stuff I like, it makes sense, and it works always
the same way - independent of your mood or caffeine level.

> there always must be some subjective judgement applied,
> especially when we can't see the entire universe of mail
> spam

Sure, but you can still try to minimize these judgement calls.
In the case of SC you have quantitative data, a good sample.

> we must reserve the right to make judgements.

Of course, there are and always will be errors in the SC data,
joe jobs / bogus links / abuses.  It's good to fix these bugs,
and remove or prevent any corresponding sc.surbl.org entries.

But it's wrong to do more than this.  If SC says that inkjets
(or whatever the name was) is spamvertized, then it should be

> reporting IB to SpamCop does not take them out of
> sc.surbl.org.  That still must be done on our side.

Yes, maybe these efforts could be combined somehow.  If you're
in contact with Julian, maybe he's willing to share this info.
They are interested in "IBs", but there might be reasons why
they cannot publish this data.

> The actual number of meaningful whitelist hits is much
> smaller than you may be assuming.

No assumption, I'm only worried that the manual interventions
for whitelisting could get out of hand, or end in arbitrariness.

> http://spamcheck.freeapp.net/whitelist-hits.new.log
> I see approximately zero.  :-)

Did you count tripod.cl ?  That's an extremely ignorant hoster
of many spamvertized pages.  Wanadoo.es also had some dubious
customers.  Or does this data exclude spamvertized subdomains ?

> The point about Schlund is that we should not consider
> them a blackhat registrar because they have a few abusers.

ACK.  Some years ago there was a problem with this hoster, but
they changed.  Like Joker (as registrar), and maybe we can say
the same for SpamCast (as ISP) in 2006.

> There are some registrars that seem to register a lot of spam
> domains.

DirectI.  In theory this should be better in 2006.  The new
ICANN WDPRS for almost all gTLDs started this year, therefore
the problems should be obvious early in 2005, and then rogue
registrars fix their procedures or risk their accreditation.

>> maybe one general whitelist covering all zones is not good
>> enough.

> I disagree.  If a domain is legit, we whitelist.  Otherwise
> we allow them to get listed.  It doesn't matter what the list
> is.

That's a point where we have to agree to disagree.  I support
the published definition of SC.SURBL.ORG with the "democracy
in action".  Which has nothing to do with your personal ideas
of "legit".  Heck, we're not on the same continent, we're in
completely different cultures, there's almost no chance that
our definitions of "legit" match.

We obviously agree on "don't harm innocents" as an excuse to
overrule SC votes, but that's not exactly the same as "legit".

                       Bye, Frank
Whois Data Problem Report System <http://wdprs.internic.net/>

More information about the Discuss mailing list