[SURBL-Discuss] RFC: How to use new data source: URIs advertised through CBL-listed senders

Patrik Nilsson patrik at patrik.com
Wed Apr 20 00:35:02 CEST 2005


At 03:57 2005-04-19 -0700, Jeff Chan wrote:
>On Tuesday, April 19, 2005, 2:35:37 AM, John Wilcock wrote:
> > For that matter, it occurs to me that it could actually be a *good*
> > thing if an obscure but legitimate domain gets listed at the lower
> > levels of a multi-level system due to being mentioned in a big spam run,
> > as its presence would, albeit temporarily, be a sign of spamminess.
> > This logic wouldn't apply for more commonly-mentioned legitimate
> > domains, but those will be on the SURBL whitelist anyway.
>
>I'm not favor of even intermittent listing of otherwise
>legitimate domains.  Remember many of the FPs are innocent
>bystanders, like a stock spammer mentioning a legitimate
>investment site, a bank phish mentioning a legitimate bank, or a
>419er mentioning some news story about their purported country,
>etc.
>
>It's hard for me to think of a time when it would be a good idea
>to blacklist legitimate banks, etc.  Most people don't want to
>miss ham from their banks, etc.

Maybe this data source would be best used as a (real dark) non-multi grey list?
Instead of trying to make it play well in a black-and-white set-up?

Patrik 



More information about the Discuss mailing list