On 6/9/2014 3:02 PM, Rob McEwen wrote:
Domain age is a good metric to factor in. But I'm always fascinated with
some people's desire to block all messages with extremely new domains.
(NOT saying that this applies to everyone who posted on this thread!)
Keep in mind that many large and famous businesses... who have fairly
good mail sending practices... sometimes launch a new products complete
with links to very newly registered domains. Same is often true for
advertisments for things like rock concerts, etc. Or web sites that deal
with specific events or hot-topic political issues that appeared out of
nowhere. Yes, some of these are UBE. But many are NOT!
These example provide one of the largest source of FPs for all the major
domain/URI blacklists. But the better domain/URI blacklists have good
mechanisms in place to (a) PREVENT... MANY of these from ever becoming
FPs in the first place, and (b) and where those mechanism failed, they
have good triggers/feedback to remove & whitelist such FPs VERY QUICKLY
if/when they do occur.
In contrast, many who might go overboard by outright blocking on
newness... and/or scoring too agressively on newness... may find
too-high FP problems kicking their butts in the long run. And when such
a FP starts happening, they may not have the proper telemetry to
catch/fix it until AFTER much FP damage has happened.
Personally, I think that the real problem here is that some of the most
famous URI/domain blacklists are NOT catching everything and/or NOT
catching everything fast enough... combined with many sys admins failing
to make use of ALL the good and low-FP URI/domain blacklists... where
they 'd see MUCH better results if they were using ALL of the good URI
blacklists! ...but I'm a little biased on this point! :)
A great point. My goal is simply to build a system to identify the age
of domains and use it as YAIOS or yet another indicator of spamminess
not as a poison pill.
