[SURBL-Discuss] RFC: How to use new data source: URIs advertised
through CBL-listed senders
john at tradoc.fr
Tue Apr 19 11:02:10 CEST 2005
Jeff Chan wrote:
> One of the goals of looking at URIs appearing on the CBL traps in
> messages also triggering CBL inclusion is to get listings of new
> URIs into SURBLs sooner. One of the valid criticisms of SURBLs
> is that there is too much delay between the time a URI is first
> used and it gets listed in SURBLs. This is a problem with RBLs
> in general, and it means that the targeted senders (or URIs) have
> a window of time before detection and list inclusion where they
> can send unhindered.
> Our challenge therefore is to find ways to use those
> while excluding the FPs. Some solutions that have been proposed
> so far are:
What strikes me most is the fundamental incompatibility between aiming
to reduce the window of opportunity before a URI gets onto any lists,
yet using inclusion on other lists as a way of confirming the validity
of the data.
How about a multi-level system, where any (non-whitelisted) URI in the
CBL data is immediately included on the first level, then gradually gets
promoted to the higher levels once it is corroborated by further
reports, inclusion in other lists, manual confirmation or whatever.
The last byte of the A record could be used to indicate the level.
The number of levels and the details of promotion/demotion strategies
would obviously need to be worked out and refined over time.
Logically the lower levels would have higher FP rates, but can be given
lower SA scores (or equivalent weightings in other client apps).
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages - www.tradoc.fr
More information about the Discuss