[SURBL-Discuss] Whitelist Please

Jeff Chan jeffc at surbl.org
Tue Sep 14 10:54:08 CEST 2004

On Monday, September 13, 2004, 7:45:44 AM, Frank Ellermann wrote:
> Jeff Chan wrote:
>> 4. If a hosting company is legitimate, they will kick out
>>    any spammers using subdomains under their parent domain.

> Some hosters needed a clue by four.  Did I mention tripod.cl ?
> Or terra.es ?  At the moment new domains are state of the art
> (if spamming is an art), but that will change.

Terra.es definitely kicks spammers.  I've seen them do it.

>  [joke-of-the-domain spam]
>> Yes, collateral damage is easily avoided.  Don't list them.

> That _is_ a collateral damage for the recipients of this spam,
> those who never solicited it and don't want it.  If you refuse
> to list spammers only because some other users might exist who
> want this crap, then you hurt all users who don't want it.

> And vice versa.  In that conflict of interests it's not the
> job of SURBL to protect spammers, but to protect the victims.

People who's legitimate messages are blocked due to
over-inclusive blocklists are also victims.  But they
are *victims caused by **our** actions*, not by the
spammers.  We should NOT ***CAUSE*** VICTIMS.

We need to be like doctors: do no harm.  If we let
through a few spams, that's much better than blocking
someone's legitimate mail.

I think many people do not understand that, and
that is a definite problem.

If we cause FPs, we are doing more harm than good.

It's better to let a couple spams through than for
our tools to ***cause*** harm to people.  We should not
**create** victims by having FPs.

>> Should we ***block everyone else's use*** of the Joke of the
>> day domain?

> If this joke-of-the-day is reported often enough via SpamCop
> as spam, then it should be listed in SC.surbl.org.  Otherwise
> you would censor the SC input data for personal reasons, and
> that would be wrong.

> You should only play god if you're absolutely sure that SC and
> the SC users screwed up (and this will happen, the spammers
> try it again and again).  SC is only a script, it can't think.

If the SC users are trying to list messages as spams that other
people consider hams, then they have screwed up.  We reserve
the right to correct their mistake.  Mistakes do happen

>> Remember, the goal is to include domains that *only appear in
>> spams*, and to exclude domains that appear in hams.  I think
>> that's very clear and simple, not at all obscure.  :-)

> The goal for SC.surbl.org is to list spamvertized domains, and
> to identify spam based on the listed domains.  It's perfectly
> neutral, not "some users really want a mortgage from this bank"
> or similar excuses.

We are trying to make lists that do not have false positives.
A list that has no false positives will probably miss a few
spams.  It's MUCH better to miss a few spams than to block
someone's legitimate mail due to false positives.

Real banks don't send mortgage spams.   Real banks don't
use zombies.  Have you ever gotten a Viagra spam from Pfizer?
I haven't.

>> If we include every domain that anyone has ever considered
>> spam, our data will be too full of false positives for other
>> people to use it.

> That's why you have technical rules for the SC input data, it's
> not "anyone", but substantiated facts reflecting SC reports.

SC users are sometimes wrong.  They are not perfect.  They
sometimes try to report sites that have legitimate uses.

> It would be a lie if you exclude spamvertized domains for only
> personal reasons.  Sometimes "legit" companies really are so
> stupid to spamvertize their own domain directly, and then they
> should be listed if the required number of SC users says so.

>                         Bye, Frank

It's not "personal reasons" if other people use a domain
legitimately.  That's highly impersonal reasons.  We don't
need to  know any of the legitimate users, to want to protect
them from incorrect blocking.

Lots of spams come out of topica or lyris.  Should we block
them?  Of course not.  The legitimate uses outweigh any spams
abusers can send out before they are shut down.  Yes they
are a source of some spam, but blocking them would cause
more harm than good.

I think if you're not understanding this point, there's not
much reason to debate it further.

Jeff C.

More information about the Discuss mailing list