On Aug 12, 2006, at 5:11 PM, John D. Hardin wrote:
b) have an RBL which returns different values for different
confidence levels. Something like a percentage of known spammers
are on that specific provider. So, if a registrar is 60% spammers
and 40% bystanders, it will return "60"... and I can choose to
only block those who have a 99% or higher rating, or something.
This would also, hopefully, allow SA to give different score
values to different ratings.
127.0.0.1 ... 127.0.0.100 perhaps? How would a rule to score points
based on the returned IP look? Can/does SA cache the returned IP and
test it in multiple rules without making multiple DNS queries?
I can see a few ways of doing this:
Multiple sub-zones, such as (using a registrar BL named REGBL as an
example):
REGBL70 (which includes everyone whose values are
127.0.0.70-127.0.0.100)
REGBL80
REGBL90
REGBL95
REGBL99
REGBL100
or something like that. This would go for those RBL implementations
(probably all of them) that are binary: you're either in, or not. So
then the mail admin just picks whichever zone they're most comfortable
with. For Spam Assassin, it could give different score values to each
of those sub-zones, perhaps using metarules to give one score, or
adding together the scores for each sub-zone.
Then you could have a REGBLALL which is the entire list of rated hosts.
From there, a given mail admin could either:
a) do a zone transfer, and grep for the values they like, to build a
custom confidence factor zone for local use, or
b) develop an RBL implementation or score system which produces
variable results.
And, actually, I wish all RBLs had this type of confidence factor
result instead of just being binary.
