Matt Kettler wrote:
Marc Perkel wrote:
I was wondering about how to get a blacklist included in the SA
distribution. I have a blacklist and whitelist that are both very
good. I've been publishing it for about a year now. But I have a few
questions.
What are the licensing requirements that I have to give to be
included? I assume it has to be unrestricted?
Yes, or at least unrestricted enough that almost anyone, including
businesses, can use it freely.
IMO, your list usage criteria currently is a bit too restrictive.
Personally, I think for inclusion in SA it should be free for anyone,
possibly with some exceptions to protect the list from being overloaded..
Spamhaus fits this kind of "self defense against overload" model IMO,
limiting free usage to sites under 80k emails and 320k queries per day,
and not allowing free use by appliances or reseller services. However,
they are open to free use by businesses that aren't selling spam
filtering as long as they're under the 80/320k limits. IMO, anything
more restrictive than that probably shouldn't be in SA. Actually,
personally I wish spamhaus's limits were a bit more liberal, but I'm not
vastly uncomfortable with them.
What kind of bandwidth does it usually pull from servers when it is
part of the default distribution?
I have 5 servers now at 3 locations and soon to add a 6th at a 4th
location. Is this enough?
For that, I have no clue.. probably not a lot of bandwidth, but probably
quite a lot of queries. Perhaps one of the URIBL or SURBL folks that
hang out in this list could give you a better idea. Although the usage
is different, they're also almost exclusively used by SA. Other RBL
operators get a lot of usage by tools other than SA.
What other issues does SA look for when it come to inclusion?
1) S/O performance in some of the preliminary mass-checks.
I see you've got some SA rules posted on your site.. perhaps we could
sandbox them and see how they do in the nightly mass-checks.. Any devs
curious? Anyone want to set me up with access to my sandbox so I can put
them in?
2) Well documented listing/delisting policies, having those policies be
compatible with SA ideals (ie: spews was not compatible), and a track
record of sticking to them..
One thing that strikes me as missing is that permanent
black/whitelisting is mentioned, but there's no distinct policies about
what gets permanently listed. Track records only come with time, but
you need policies in order to start building one :)
3) I would say it needs to be distinctive from "all the others". If an
RBL has 100% overlap with other lists, it's not adding any useful
coverage. That could also be checked out in the mass-checks.
Thanks Matt,
Depending on other issues I'd be willing to change my terms to be SA
compatible. I can work on the docs. My list is definitely not another
"me too" list. I've found a way to identify spambots on their first
attempt but looking at things like hitting fake high numbers MX records
and tracking what servers fail to issue a quit to close the connection.
I'm tracking around 750k spambots that I blacklist.
Permanent black/white listing comes from some lists that I do download
from other places where use of port 25 is prohibited. As to white lists
that is somewhat automatic. I think I have the biggest white list on the
planet.
I am interested in having some testing done to see if there are any
false positive issues and see how it rates as to if it's effective.
Also, I have an interesting feature, yellow listing, which if you check
my yellow list then if it's listed you can ignore all other lists.
Yellow listing are mixed ham/spam sources like Yahoo, gmail, Hotmail
that should never be either black or white listed.
