[SURBL-Discuss] Re: embedded image spams

Jeff Chan jeffc at surbl.org
Tue May 31 07:16:43 CEST 2005


On Monday, May 30, 2005, 7:31:27 PM, Sean Sowell wrote:
> On May 30, 2005 1802 Jeff C. wrote

>> 1. Please don't use SA scores as an absolute indication of
>> spammyness.  It's crucial to manually review the submissions
>> and not report legitimate domains like dell.com, directv,
>> walmart, etc.  Please don't report those!

>> 2. Please do continue to use SpamCop for reporting.  Even in mole
>> mode, we get the URI reports.

>> 3. But's it's crucial to NOT report legitimate domains.  Frankly
>> the only domains I'm interested in blacklisting are the ones that
>> are advertised by criminal spam gangs, i.e. the ones usually
>> advertising viagra, porn, pirated software or mortgages, etc.

> OK, for general purposes I see why the spamvertised domains should not be
> blacklisted.  I only started using SA on 5/19.  Have been reading thru their
> faq and wiki, and can see how the 600 rules it uses can at times cancel each
> other out.  I haven't seen a reason to change the default threshold yet but
> that may change.

There are very few negative scores left in SA.  About the only
one people commonly have trouble with is ALL_TRUSTED.  That only
"does the wrong thing" if the trust path is not set correctly:

  http://spamassassin.apache.org/doc/Mail_SpamAssassin_Conf.html

> For me, it helps to see who's letting their stuff or their logo appear in
> spamvertisements.  At some point - in my book anyway - they move from the
> innocent bystander column into a gray area and across the spectrum toward
> black.  Just my point of view.

> I do review my submissions carefully.  I include the spamvertised domain(s)
> in my reports so they know their marks are being used improperly and can
> take steps to end it.  That way, the spammers get it from both ends.  Seems
> fair to me, but please let me know if my thinking is flawed.

That's fine as far as it goes, but it's not what we're looking to
include in SURBLs.

If you can find domains that belong to spam gangs advertising
viagra, mortgages, warez, etc. then please report those.

Please do not report Dell, Walmart, or any other domain with
legitimate non-spam uses.

Jeff C.
--
Don't harm innocent bystanders.



More information about the Discuss mailing list