[SURBL-Discuss] Re: Adding SpamBouncer phishing data to ph.surbl.org

Jeff Chan jeffc at surbl.org
Mon Aug 1 07:52:38 CEST 2005

On Sunday, July 31, 2005, 10:39:14 AM, Greg Allen wrote:
> People who do phishing are going to change their IP address (IP where the
> actual target/sucker is sent) frequently. They are also probably going to
> use random and ever changing computer IPs outside the US for obvious legal
> reasons. Maybe zombies even, who knows.

Yes, they're probably using some zombies.  Many phishes also use
fake domain names (like updatepaypals .com).  We list both domain
names and IPs in the SURBL phishing list. 

> Any domain names in a phishing email code are most likely going to be legit
> domain names such as, ebay.com, bankofamerica,com, southtrustbank.com etc..
> These are the domains visible to the target/sucker.

Yes, and we're whitelisting those legitimate sites, so they're
non-issues as far as false positives in SURBLs.

Jeff C.
Jeff Chan
mailto:jeffc at surbl.org

More information about the Discuss mailing list