[SURBL-Discuss] RE: Adding SpamBouncer phishing data to ph.surbl.org

Jeff Chan jeffc at surbl.org
Mon Aug 1 08:02:34 CEST 2005

On Sunday, July 31, 2005, 6:52:44 PM, Catherine Hampton wrote:
(Greg Allen wrote:)
>> This has been a debate for some time and the antivirus companies have
>> decided the debate. Can you look at it with SURBL also? Sure, but I am just
>> saying it is a lot of effort to add these disposable IP addresses into any
>> database. Who goes back and cleans up these databases 2 years from now when
>> maybe a real user gets one? It's your system, I am just giving you my
>> prospective, which could of course be wrong or...right. Time will tell.

> I'm adding the IPs to SpamBouncer anyway; it isn't any more work to
> add them to SURBL.  Since I expire them by default in a month, unless
> they still appear, and since Jeff is expiring anything he gets from 
> me on the same schedule I do, nobody needs to go back and clean up the
> database -- in two years or any other time.  So I don't see any disadvantage
> here, especially since a number of decent AVs still aren't listing 
> phish URLs as viruses/dangerous content.  

Actually I'm not expiring them, so it's good that you are.

But the key thing is that as long as they keep appearing in live
spams/phishes we can keep listing them.  After they've been
inactive for a while it makes sense to delist them.  We can
always add them back on if they start appearing again.

It is a valid concern that Greg makes about the sizes of lists.
The same question comes up for any blacklist; they can't
keep adding records indefinitely.  Inactive ones need to
get purged to keep the sizes reasonable.

But in practical terms, RBL-type lists can grow to at least a few
million records before they become impractical if the name
servers are using rbldnsd.  Right now multi.surbl.org, the
combined SURBL list has about 150k records.  sbl.spamhaus.org has
about 5k records.  xbl.spamhaus.org has about 2 million records.
So SURBLs are not running up against size limits any time soon.

Jeff C.
Don't harm innocent bystanders.

More information about the Discuss mailing list