Re: FYI: ccTLD .de listed in RFC-ignorant.org

Mon, 15 Aug 2005 16:13:37 -0700 

>...
>Dirk Bonengel wrote:
>> FYI:
>> rfc-ignorant.org has .de listed in whois.rfc-ignorant.com.
>
>As others pointed out, it's listed 127.0.0.7 not .5.
>
>> 
>> http://www.rfc-ignorant.org/tools/detail.php?domain=de&submitted=1120996396&table=whois
>> 
>> In a standard 3.0.x install, DNS_FROM_RFC_WHOIS gives a score of 0.492
>> (net) or 0.296 (net+bayes).
>
>
>
>However, all that said, 0.492 is a pretty small score for a rule. And that low
>score is a reflection of RFCI's occasional FP problems and low general hit rate
>on spam.
>
>Even if the rule was hitting all of .de, it really isn't that significant of a
>score. (Unless you're talking about nutjobs with spam thresholds set at 1.0).
>
>With such a low score, I really wouldn't worry much even if it was hitting.
>Unless you're dealing with nutjobs that have spam thresholds set at 1.0 it
>really isn't very significant.
>
>Now 3.1.0-pre1 has a higher score for it. (1.45 in set3). That I might worry a
>bit if it was false hitting.
>
        As usual, Matt has correctly stated the situation;  But another
way to view it is that RFCI is *not* a spam list (or lists) - It is a
group of lists of domains which violate particular RFCs.  It just happens
that spammers (and many large companies) are in this group who choose to
ignore the RFCs and of those who get reported (re. nominated) and listed,
spammers are a disproportionate group - which makes the rfci lists a good
spam sign (not even close to "spam" lists like the SURBLs, but more than
good enough to warrant the scores which have been computed).  When viewed
as RFCI sees themselves, FPs are quite low, simply many non-spammers through
either ignorance, choice or both, decided to or forget to abide by the
"rules" RFCI checks for (much better stated on their web site than by me).

        All the above said, they work even better as URI_ rules, though
they are not used that way in any SpamAssassin distribution by default.
And then, they hit a *much* larger proportion of spam and a somewhat
lower proportion os ham - i.e. the S/O ration is better when used as
URI_ rules than when used as DNS_FROM_ or RCVD_ rules (i.e. spammers
often use open relays or proxies, which avoids many rfci lists, but the
web sites themselves are still listed at rfci as non-compliant domains).


        Paul Shupak
        [EMAIL PROTECTED]

Reply via email to