We are pleased to announce the availability of three new SURBL
lists:
  ob.surbl.org    - OutBlaze spamvertised sites
  ab.surbl.org    - AbuseButler spamvertised sites
  multi.surbl.org - Combined SURBL list
ob is a large list of about 20k spamvertised sites kindly
provided by OutBlaze and based on data found in their spam traps.
ob has a strong spam detection rate of around 70% and a low
false positive rate around 0.1%. Only domains that have been
registered within the past 90 days are included in ob.surbl.org
and this "newness" requirement is probably one of the reasons
for the low FP rate, given how quickly spammers use and must
discard domains for their web sites.
ab is a smaller list of the top 425 or so spamvertised sites
over the past 7 days kindly provided by AbuseButler:
http://spamvertised.abusebutler.com/
AbuseButler's data sources include SpamCop and native reports.
In general philosophy and data processing styles, ab.surbl.org
is similar to my own sc.surbl.org which is also based on SpamCop
data, and the results of both lists are similar, but not identical.
multi is a bitmask-combined version of all of the other lists
plus an anti-phishing list provided by Mail Security:
http://www.mailsecurity.net.au/
The latter is identified as "ph" and it is not available as
a separate list as its size probably does not justify the
resources of its own zone file, etc. However the data in ph
is important since it represents sites likely to be criminally
phishing for personal and financial information.
Because list membership in multi.surbl.org is encoded in a
bitmasked fashion, results from multi need to be decoded into
their constituent lists by programs such as urirhssub in
SpamAssassin 3.X. Support for this decoding may be back-ported
into the SpamAssassin 2.63 program for using SURBLs, SpamCopURI.
We expect that multi.surbl.org will become the list of choice
for SURBL use going forward, due to the convenience of getting
all list data in a single list, only needing to cache a single
zone file, etc.
More information about all the SURBL lists can be found at:
http://www.surbl.org/lists.html
Please feel free to ask questions or leave comments about
SURBLs on our discussion list at:
http://lists.surbl.org/mailman/listinfo/discuss
Please let us know about any false positives at:
whitelist at surbl dot org
Cheers,
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
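The bitmask decoding that the multi.surbl.org announcement above leaves to programs such as urirhssub, as an added example that is not part of the original message and is not SURBL or SpamAssassin code. The bit values in `MULTI_BITS` and the function names are assumptions (the announcement does not state them), and the sample answers are constructed.

```python
import ipaddress

# Assumed bit values, not given in the announcement; confirm them against
# http://www.surbl.org/lists.html before use.
MULTI_BITS = {2: "sc", 4: "ws", 8: "ph", 16: "ob", 32: "ab"}


def multi_query_name(domain, zone="multi.surbl.org"):
    """Return the DNS name to query for a domain taken from a message URI."""
    return f"{domain.strip('.').lower()}.{zone}"


def decode_multi(a_record):
    """Split a multi.surbl.org A record into the lists that set its bits.

    Answers outside 127.0.0.x are rejected: a resolver that rewrites
    NXDOMAIN into a real address would otherwise make every domain look listed.
    """
    octets = ipaddress.IPv4Address(a_record).packed
    if octets[:3] != b"\x7f\x00\x00":
        raise ValueError(f"not a SURBL answer: {a_record}")
    mask = octets[3]
    lists = [name for bit, name in MULTI_BITS.items() if mask & bit]
    unknown = mask & ~sum(MULTI_BITS)
    if unknown:
        lists.append(f"unknown:0x{unknown:02x}")  # bits this table does not cover
    return lists


if __name__ == "__main__":
    # Constructed sample answers, not real lookups.
    for domain, answer in [("spam-example.test", "127.0.0.20"),
                           ("phish-example.test", "127.0.0.8")]:
        print(multi_query_name(domain), answer, decode_multi(answer))
```

A single lookup against multi thus yields per-list results, so a filter can still score a ph hit differently from an ob hit.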
As part of an ongoing effort to consolidate spam message body
URIs that were in sa-blacklist and BigEvil and MidEvil
SpamAssassin rulesets, we have frozen be.surbl.org and
merged its records into ws.surbl.org. Eventually the
contents of be.surbl.org (and the list itself) may go away,
so we ask that anyone using:
be.surbl.org
switch to:
ws.surbl.org
instead.
ws.surbl.org, in addition to getting the old be.surbl.org
data and Bill Stearns' locally found data, is also receiving spam
URI domains from Chris Santerre and others. ws.surbl.org is
becoming a collection point for those anti-spam efforts.
For those who wish to continue using SpamAssassin ruleset
versions, Chris Santerre and the SARE Ninjas will let us know
about future versions of BigEvil.cf and a successor wildcarded
ruleset for use with SpamAssassin. (Chris, when you announce,
please be sure to mention the relationships between the SURBL and
ruleset versions of things so folks don't end up using both
versions of the same data.)
For those looking for more efficient use of the sa-blacklist
and old BigEvil and MidEvil rulesets, the SURBL version of most
of their domains:
ws.surbl.org
may be a good solution. Using this data as SURBLs greatly
reduces the server memory footprint over the ruleset versions,
for example. That can make the data more practical to use on
smaller computers, or generally make more efficient use of
system resources on larger, busier servers. Using DNS for
distributing the data, however, SURBLs do require network
access. For a relatively few situations, this may be an
issue.
More information about SURBLs can be found at:
http://www.surbl.org/
Please feel free to ask questions or leave comments about
SURBLs on our discussion list at:
http://lists.surbl.org/mailman/listinfo/discuss
Please let us know about any false positives at:
whitelist at surbl dot org
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
We'd like to welcome and thank three new public name servers
administered by:
Jake Zack of avalonworks.com
Tony Copeland of uncw.edu
Joe Boyce of shasta.com
I think some other people may have offered to serve up
the SURBL zones publicly, and any help spreading the
load around further will be appreciated. It looks like
use of SURBLs could take off especially as SpamAssassin
3.0 has built in support for them using urirhsbl.
If anyone else would like to serve zones publicly,
please contact Raymond and me at rsync at surbl.org .
I should mention that we are now adding a zone with
about 40k entries, ob.surbl.org, and we will also
ask to serve a combined list multi.surbl.org soon.
Multi will have the same number of entries as the
largest list. Currently that's ws.surbl.org with
under 20k entries, but multi will go to 40k when
we add ob in. sc.surbl.org remains at around
500 entries but could change when I get around to
working on the new data engine. We will try to
deprecate be.surbl.org since its domains are now in
ws. We're still working out the details of what
happens to be after that happens.
More information on the lists can be found at:
http://www.surbl.org/lists.html
though I have not documented ob there yet.
We are also looking into some other potential spam
URI data sources such as proxypots, etc.:
http://proxypot.org/
Cheers,
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
The SURBL web site may be offline for a couple hours during the
window from 23:30 to 02:30 U.S. Central time 12 June 2004 while
the hosting provider upgrades their power equipment. SURBLs will
continue to operate normally using the existing zone files,
though updates may be delayed for an hour or two.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/