[SURBL-Discuss] RFC: Adding SpamBouncer phishing data to
ariel at spambouncer.org
Tue Aug 2 19:07:14 CEST 2005
> Outstanding. I get a ton of phishes. The SURBL checks I already use
> (primarily the SpamCop and Spamhaus SBL/XBL checks IIRC) catch most of the
> other crap I get.
SURBLs do tend to get the phish domains and IPs listed quickly,
and Jeff's extremely strict "No false positives" standards have
done a pretty decent job of keeping out domains belonging to
innocent bystanders and (a trickier matter) domains belonging
to servers that were hacked/trojaned/0wn3D and then used to
host a phish site. That doesn't catch all phishes, of course,
but it catches a good many of them.
The SpamBouncer filters catch a lot of new phishes, because of
my set of "Phish Target" filters. These filters check for
email claiming to be from a company targeted by phishers (like
Ebay, Paypal, Washington Mutual Bank, etc.) to see whether it
really came from there. If it isn't, it tags it, "Phish Target/
Forged Origin", and then my spamtrap puts it in a file of
probable phishes that weren't caught by the "Phish Domains",
"Phish IPs" or "Phish URLs" filters.
So I usually update my phish recipes pretty quickly. It seemed
a shame not to share that data more widely.
> The other thing I'd love to figure out is how to reliably tag
> all the 419 scams I tend to receive.
SpamBouncer doesn't catch them all, but it catches most of
them. Want a couple of Procmail recipes for this? I don't
think, however, that SURBLs will be much help with 419 spam
because most of it doesn't use a domain or IP that belongs
to the spammer/419er. Most of it uses free email sites and
phone numbers for contacts.
> Jeff, if you can make this work, I owe both you and Catherine
> a keg of beer. :)
Diet coke for me, please, but I'll happily accept. ;)
Catherine Hampton <ariel at spambouncer.org>
The SpamBouncer * <http://www.spambouncer.org/>
Personal Home Page * <http://www.devsite.org/>
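
The "Phish Target" check described in the message above, as an added Python example; it is not SpamBouncer's Procmail code and not part of the original post. The target list, the function names and the sample messages are constructed, and it assumes the top Received header was written by your own MX with a verified reverse-DNS name.

```python
import email
import re
from email.utils import parseaddr

# Assumption: brand keyword -> domains the brand really sends from (constructed list).
PHISH_TARGETS = {"ebay": ("ebay.com",), "paypal": ("paypal.com",)}
# Assumption: the top Received header comes from our own MX and has the
# Sendmail/Postfix shape "from HELO (rdns-name [ip])"; only the rDNS name is used.
RELAY_RE = re.compile(r"from\s+\S+\s+\((\S+)\s+\[[0-9A-Fa-f.:]+\]\)")
TAG = "Phish Target/Forged Origin"

def in_domain(host, domains):
    """True only for the domain itself or a real subdomain, never a substring."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def claimed_target(msg):
    """Brand named in the From display name or address domain, else None."""
    name, addr = parseaddr(msg.get("From", ""))
    claim = name.lower() + " " + addr.rpartition("@")[2].lower()
    return next((b for b in PHISH_TARGETS if b in claim), None)

def relay_host(msg):
    """rDNS name of the host that connected to our MX, else None."""
    received = msg.get_all("Received") or []
    m = RELAY_RE.search(received[0]) if received else None
    return m.group(1).lower() if m else None

def classify(raw):
    """Return TAG when a message claims a targeted brand but did not arrive from it."""
    msg = email.message_from_string(raw)
    brand = claimed_target(msg)
    if brand is None:
        return None          # not claiming to be a phish target
    host = relay_host(msg)
    if host and in_domain(host, PHISH_TARGETS[brand]):
        return None          # really came from the brand's own servers
    return TAG               # claim present, origin missing or foreign

# Constructed sample messages (documentation domains and addresses).
FORGED = ('Received: from mail.example.net (dsl-7.example.net [203.0.113.7])\n'
          '\tby mx.example.org; Tue, 2 Aug 2005 10:00:00 +0200\n'
          'From: "PayPal Security" <service@paypal.com>\n'
          'Subject: Verify your account\n\nClick here.\n')
GENUINE = FORGED.replace("mail.example.net (dsl-7.example.net [203.0.113.7])",
                         "mx1.paypal.com (mx1.paypal.com [192.0.2.25])")
LOOKALIKE = GENUINE.replace("mx1.paypal.com", "paypal.com.example.net")

if __name__ == "__main__":
    for label, raw in (("forged", FORGED), ("genuine", GENUINE), ("lookalike", LOOKALIKE)):
        print(label, "->", classify(raw))
```

The lookalike case shows why the origin test matches on a domain suffix rather than a substring: a relay named `paypal.com.example.net` is still tagged.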