[SURBL-Discuss] Additional phish/fraud list
Jeff Chan
jeffc at surbl.org
Sat Sep 18 01:20:25 CEST 2004
Can you clarify, are your lists intended to be sender domain
lists or message body URI lists:
http://rhs.mailpolice.com/
> What is rhs.mailpolice.com?
>
> MailPoliceTM maintains a domain-based list of domains which
> have been (ab)used to send spam to our customers. There are
> currently several domain-based lists: one which lists bulk mail
> senders and unsolicited advertisers; pornographic e-mailers and
> websites; reverse DNS hostnames of dynamic Internet
> connections; websites and IP's hosting fraudulant or phishing
> content; legitimate e-mail marketers and opt-in advertisers;
> and domains used by webmail providers.
> What is the point of a domain-based list? what's wrong with an ip-rbl?
>
> Judging e-mail based on the MAIL-FROM or hostname of the
> connecting mail server or websites advertised within an e-mail,
> is effective. Many unsolicited e-mailers regularly buy domains
> for the sole purpose of spam. No matter where the spam is sent
> from, it can be blocked based on the senders' domain name, or
> the domain name used in advertising URLs in the body of the
> e-mail.
>
> Blocking based on IP address is effective only as long as the
> spammer continues to send from these IP addresses, it does not
> take into consideration that spammers can quickly move to
> another set of IP addresses, or use unlisted proxies.
>
> Using a combination of domain-based and IP-based blacklists is
> an effective weapon against spam.
It sounds from the description that your RHS lists are sender
domains as opposed to message body URI domains as we use
with SURBLs.
That said, I can see how Bill may have found some overlap with
message body URIs.
Jeff C.
More information about the Discuss
mailing list