On Friday, January 14, 2005, 7:31:06 PM, Sidney Markowitz wrote: > Robert Menschel said: >> Don't drop the 125, but simply add to the >> whitelist a number of the "new" top 100
> I like that idea as a second choice. If the list is only updated when > there is a new release of SpamAssassin then it will not grow too rapidly. > It would be quite a few years to get to a table of a thousand entries. > There would be a minor problem with a whitelisted domain expiring and > getting snapped up by a spammer. That could be taken care of by the SURBL > people checking if a domain that is being added to the SURBL is on the > whitelist and informing the SA team so it can be removed. Problem is the 125 (or 250 or whatever) are hard coded into SA versions. Those versions don't get updated very often (and some people never or very seldom upgrade their code) so it would be hard to remove hard-coded, formerly legitimate domains that got recycled by spammers. Therefore the ones chosen for an ignore list like this need to be very stable and certain, like yahoo, w3.org, etc. > But it is only my second choice, if there is no way for SURBL to monitor > domains in email independent of the SA queries. I like the idea of them > getting feeds from ISPs like the one sonic.net offered. That way they can > maintain a current list of most common domains in ham mail independent of > the SpamAssassin release cycle. SpamAssassin could download the list more > or less often depending on how volatile the list is. My guess is that > monthly is fine, as that is much better than once per SA release cycle. Currently there's no provision for updating the hard coded list other than releasing a new version of SA. Something more dynamic could perhaps be engineered, short of another RBL. There are a number of reasons for not doing a whitelist RBL: 1. Excessive queries: Whitehat domains come up a lot in messages. 2. Potential misuse: Inadvertently blacklisting whitehats, i.e. user error. 3. Possibility of negative scoring: Some application would probably try to negative score them, which would simply cause spammers to load up their spams with a lot of whitehat domains, which would drive up mail processing loads, DNS queries, etc., and potentially get spam through filters. ... Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
