First, Grant, you're far too trusting of institutions and government.
They're especially corrupt these days. Many governments that have had
decades or centuries-long track records for bing mostly trustworthy and
fair - are actually very corrupt these days. Such a governing body would
downward devolve into "what benefits our party" before long. And then
they'l punish those DNSBLs that blocked spam from their party (and orgs
that are their ideological allies), while rewarding those whose actions
benefited their party and ideological allies. They'll also start putting
their own ideological biases as criteria for what constitutes a quality
DNSBL. Remember that spam is about "consent" - NOT "content". But
they'll ultimately make content a criteria. They'll also start rating
DNSBLs by their ability to block what they deem to be "dangerous
misinformation", and the criteria for that will be very ideologically
biased.
And then Michael, the problem with MOST stats - is that this OFTEN
becomes "those stats that rubber stamp what our filter already concluded
must be best, while those that disagreed the most must be wrong".
(circular reasoning)
Merging these two subthreads together - the better solution is simple -
WHICH DNSBLs are economically incentived to be more accurate, as defined
by giving the end users more of what they want, meanwhile erring on the
side of fewer false positives, but not so much so as to create too large
of loopholes for spammers.
So then - how can that be measured?
The best way is to start by taking a DNSBL not previously used - have it
simply mark the messages without actually using the list to block spams
(such as scoring .01 in SA) - then see what they marked as spam that
went into the inbox (so it wouldn't have been blocked without that
DNSBL's usage). THEN - start examining random samplings of THOSE
messages to determine how much this DNSBL is reducing false negatives,
and how many false positives it's causing. Then in "edge cases" or
difficult to determine cases - ask the customer what they think ("do you
recognize this sender?"). But keep in mind that **all** DNSBLs make rare
mistakes, and there are going to be rare situations where a customer
really did engage with a spammer who sent 100% spams to a purchased
list, as well as occasional rare outliers like that.
Then judge that DNSBL on THAT basis. It's a bit tedious and takes some
work collecting such stats - but this isn't rocket science.
If a DNSBL is causing spams that were previously going to the inbox to
significantly lessen (reduction of "false negatives"), while also not
having any noticeable uptick in false positives - then they're going to
improve the spam filtering far more than a DNSBL that only rubber
stamped what a filter was already doing - which is EASY to do if that
DNSBL is only (or mostly) going after the "low hanging fruit". So it's
conceivable for a lower quality DNSBL to block 95% of all spam, not have
a single false positives, but not block a single spam that was otherwise
making it to the inbox - and while such a DNSBL has impressive stats -
it's not adding ANY value to the filtering. So high percentages of hits
on inbound messages can be deceiving. And lower percentages of hits on
the total number of inbound spams can ALSO be deceiving if such a list
is still reducing false negatives without causing false positives - such
a list might be doing an amazing job of that - yet without hitting on a
very high percentage of all inbound spam - since it didn't overly focus
on "lower hanging fruit". So, to summarize, a signficant reduction of
false negatives, without causing false positives - THAT is where value
and improvement is found - but raw spam stats for many systems OFTEN
don't properly measure that.
So, when evaluated in this SUPERIOR way, only a handful of DNSBLs rise
to the top. Those who have done such analysis on ALL of the most
well-known DNSBLs know EXACTLY which few are at the very top. And NONE
of the DNSBLs which aren't incentivized to "give the people what they
want" are there. NONE OF THEM! (and many which are incentivized to do
that are also not there - but, again, ZERO that are not properly
incentivized are at the top most beneficial DNSBLs). And a DNSBL trying
to please a government body that's biased by partisan politics will
NEVER get there (or at least not for long since these institutions
eventually become hopelessly corrupted).
For example - if SORBS has a few too many false positives, ProofPoint
(who owns SORBLS) probably isn't gonna lose a dime. If UCEPROTECT has a
few too many false positives, they'll actually MAKE more money. But, in
contrast, if invaluement or Spamhaus or Abusix ever has an significant
uptick in false positives - they'll all potentially lose much money! But
even then, again, some who are properly incentivized - STILL aren't
particularly good at this. DNSBLs are HARD!
Rob McEwen, invaluement
------ Original Message ------
From "Michael Peddemors via mailop" <[email protected]>
To [email protected]
Date 7/10/2023 8:29:14 PM
Subject Re: [mailop] Isn't SpamEatingMonkey's SEM-URI broken?
Actually, what I like is those companies that show real time stats on RBL's,
you get to see who is the most accurate, not only who would block the most..
If you get 'inaccuracies', then someone has done something wrong.
M3AAWG might be exactly the WRONG organization for this, given it's closed
membership..
Need a more altruistic partner for vetting.. Anyone have ideas or contacts?
(I know, we have even got on SpamEatingMonkey, love to see their listing
criteria, there is suspicion that domains in signatures, or forwarded emails
might be enough to trigger it)
On 2023-07-10 16:30, Grant Taylor via mailop wrote:
On 7/10/23 2:40 PM, Jarland Donnell via mailop wrote:
The problem is, running any blacklist and wanting to constantly speak to people
who are often just confused about how relevant your list even is, are very
often two different things. So there's not anyone to talk to, at least not from
a public-facing angle. It would certainly be nice if anyone on this list that
might be representing SEM wanted to speak up on the matter. This sounds to be a
case worth speaking up on.
I found myself wondering if there was anything like the Better Business Bureau
or some sort of accreditation that RBL operators can apply for wherein they
need to:
- demonstrate that they are responsive
- publish what is required to be delisted
- provide points of contact
The intention being that an RBL operator is taking steps / effort to be
genuinely good.
Yes, mistakes and accidents happen. It's how those mistakes and accidents are
responded to that make all the difference.
I'd wonder if someone like M3AAWG or the likes could fulfill this function.
If such an accreditation existed, then perhaps various filtering software
providers could default to only enabling accredited RBLs.
I hope it goes without saying that I would want it to be relatively easy to
become accredited. I suspect it would need to be even easier to have such
accreditation revoked.
All players start somewhere small and some grow into big players.
Grant. . . .
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
-- "Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
