>...
>Yes, but Paul, quoting real spam domain's isn't the real problem here.
>
>The problem is the same thing happens to nonspam domains. In the past month
>it's
>happened to me TWICE that a nonspam domain got misreported to two different
>URIBLs.
>
>One of them, as mentioned before, is an update site for PAID users of a
>product.
>The mfr does not want those links sent out to anyone who hasn't paid for the
>product, because nobody but paid users can use them. However, some moron
>reported them to multiple URIBLs. I assume it's the same moron from demon.co.uk
>who reported the update notice to NANAS.
>
>http://groups.google.com/group/news.admin.net-abuse.sightings/msg/68ab6ba5d962b466?hl=en&;
>
>
>It's events like that which are the problem. I really don't care about real
>spam
>domains, but I do care that one mis-report tends to get rapidly replicated
>across multiple URIBLs.
>
>This is a BIG problem for the URIBLs because they are heavily monocultured.
>
Jeff and Chris can correct me, but as best I understand the listing
criteria, the best/worse a purposely fraudulently complained about domain
could get would be listings in SURBL [ws], [ob] and URIBL [black] is the
complainer filed the form at RulesEmporium and had an Outblaze account to
complain from. AFAIK, it takes more than a single complaint to get onto
either SpamCop or SURBL [sc], seems fairly difficult to get on the [ab] list
os AbuseButler itself, and you'd have to spam Joe Wein or Raymond to make
the SURBL [jp] list. I do have to admit that for all of my "extra" net tests,
I try to account for them with a higher than default threshold for most email
accounts at my site and slightly lower than typical scores for some RBLs, so
at least for me a SURBL [ws] + [ob] + URIBL [black] would be cancelled by
a low BAYES score (BAYES_20 or lower) and still delivered (to most accounts).
Again, as far as I can tell, once a domain hits SURBL [sc], the chances of a
FP are very low, but you handle so much more mail than I do, you are likely to
see those rare FPs, and I am not. There have been a very few FPs I have seen
where a legitimate "bulk mailer" was Joe-Job'd by someone; But the FPs were
on the listings - the email I received were "real" spam, just not from the site
listed in the message.
Your knowledge of a specific person who sent copies of mail to NANAS
does probably explain one case. Personally, I'm currently have a problem
with Conde Nast, who somehow has cross referenced several of my personal
accounts to the names of one person with an account here (the first few emails
addressed that person by name, though they went to other accounts) and now
is spamming me every day for one or two magazine subscriptions and/or "special"
offers (and I have never subscribed to any of their many magazines). And
SURBL "seems" to have them whitelisted, even though they now trigger URIBL,
the SBL and many other RBLs and all of the digests (DCC, Razor and Pyzor).
Paul Shupak
[EMAIL PROTECTED]
