[SURBL-Discuss] RFC: How to use new data source: URIs advertised through CBL-listed senders

John Wilcock john at tradoc.fr
Tue Apr 19 11:02:10 CEST 2005


Jeff Chan wrote:
> One of the goals of looking at URIs appearing on the CBL traps in
> messages also triggering CBL inclusion is to get listings of new
> URIs into SURBLs sooner.  One of the valid criticisms of SURBLs
> is that there is too much delay between the time a URI is first
> used and it gets listed in SURBLs.  This is a problem with RBLs
> in general, and it means that the targeted senders (or URIs) have
> a window of time before detection and list inclusion where they
> can send unhindered. 
...
> Our challenge therefore is to find ways to use those
> while excluding the FPs.  Some solutions that have been proposed
> so far are: 
...

What strikes me most is the fundamental incompatibility between aiming 
to reduce the window of opportunity before a URI gets onto any lists, 
yet using inclusion on other lists as a way of confirming the validity 
of the data.

How about a multi-level system, where any (non-whitelisted) URI in the 
CBL data is immediately included on the first level, then gradually gets 
promoted to the higher levels once it is corroborated by further 
reports, inclusion in other lists, manual confirmation or whatever.
The last byte of the A record could be used to indicate the level.
The number of levels and the details of promotion/demotion strategies 
would obviously need to be worked out and refined over time.

Logically the lower levels would have higher FP rates, but can be given 
lower SA scores (or equivalent weightings in other client apps).

John.

-- 
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr



More information about the Discuss mailing list