Announce

announce@lists.surbl.org

187 discussions

ANNOUNCE: Mail::SpamAssassin::SpamCopURI 0.21
by Eric Kolve 05 Aug '04

05 Aug '04

Just released SpamCopURI 0.21: 0.21 Wed Aug 4 16:41:31 PDT 2004 - Defaulting config param spamcop_uri_limit to 20. If the number of URLs in a message exceeds the limit, they are shuffled and only up to the number specified for the limit are tested. - New syntax for specifying the address match for multi.surbl.org: Instead of '127.0.0.0/2' use '127.0.0.0+2' this is being done to eliminate any confusion with CIDR syntax. The old '/' syntax is still supported, but will be deprecated in a future version. http://sourceforge.net/projects/spamcopuri/ Package has also been upload to CPAN as well. --eric

1 0

[SURBL-Announce] ANNOUNCE: Additional data sources added to ws.surbl.org
by Jeff Chan 05 Aug '04

05 Aug '04

ws.surbl.org now has some additional data sources included in it: MailSecurity's formerly proprietary SURBL lists, data from Joe Wein's jwSpamSpy Windows POP mail spam-filtering agent, and data from Raymond Dijkxhoorn's Prolocation RBL. Thanks for providing those Joe, MailSecurity and Raymond! Here are some links to more information about those sources: http://www.surbl.org/lists.html#ws http://www.mailsecurity.net.au/ http://www.joewein.de/sw/jwSpamSpy/index.htm http://www.prolocation.net/ jwSpamSpy is a POP3 spam scanner for Windows. jwSpamSpy looks like it should have pretty good spam performance since Joe's URI domain blacklist has a lot of overlap with some of the ws.surbl.org data plus many other quickly added entries as described at: http://www.joewein.de/sw/spam-bl.htm Those new data sources join entries in ws from three SpamAssassin rulesets: Bill Stearns' sa-blacklist, BigEvil.cf from Chris Santerre and his SARE cohorts, and Paul Barbeau's MidEvil.cf. Other manual lists are also included in WS, most of which are being processed and hand-checked by Chris Santerre. ws now has about 30k records, and here are some statistics from Raymond's mail system: SpamAssassin tag hits: (top 100) #1 64675 BAYES_99 #2 54198 HTML_MESSAGE #3 44694 RCVD_IN_SBL+XBL #4 43427 RCVD_IN_BL_SPAMCOP_NET #5 37191 RCVD_IN_SORBS #6 35888 WS_URI_RBL #7 33729 SPAMCOP_URI_RBL #8 33089 MIME_HTML_ONLY #9 32485 OUTBLAZE_URI_RBL #10 26678 RCVD_IN_DSBL #11 19665 RCVD_IN_AHBL #12 19662 RCVD_IN_DYNABLOCK #13 19146 CLICK_BELOW #14 18374 ABUSEBUTLER_URI_RBL WS, SC and OB are detecting roughly the same numbers of spams, though they may be somewhat different spams. Thanks to everyone who is providing data, checking data or otherwise helping with the SURBL project! Please remember to report false positives in SURBLs back to us on the SURBL discussion list or whitelist at surbl dot org http://lists.surbl.org/mailman/listinfo/discuss Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 0

ANNOUNCE: Mail::SpamAssassin::SpamCopURI 0.20
by Eric Kolve 01 Aug '04

01 Aug '04

Just released SpamCopURI 0.20. Biggest change is support for multi.surbl.org. Let me know if you see anything strange. See the change notes below for what you need to do for your config. 0.20 Sat Jul 31 22:02:20 PDT 2004 - adding max url config param to limit number of URLs checked in an email. Usage (place into .cf file): spamcop_uri_limit 50 Default is unlimited. - adding support for multi.surbl.org / bitmasked results. query results are cached on a per msg basis to prevent additional lookups. Modify your configuration to look like the following for sc.surbl.org: uri SPAMCOP_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/2') describe SPAMCOP_URI_RBL URI's domain appears in spamcop database at sc.surbl.org tflags SPAMCOP_URI_RBL net ws.surbl.org would look like this: uri WS_URI_RBL eval:check_spamcop_uri_rbl('multi.surbl.org','127.0.0.0/4') describe WS_URI_RBL URI's domain appears in ws database at ws.surbl.org tflags WS_URI_RBL net - Removed configuration params: spamcop_uri_src and spamcop_uri_path since these should never be used anymore. - added cleanup for hosts that come in with a dot in front of of the host (e.g. http://.spammy-site.org) http://sourceforge.net/projects/spamcopuri/ --eric

1 1

[SURBL-Announce] ANNOUNCE: How to report false positives in ph anti-phishing list to MailSecurity
by Jeff Chan 28 Jul '04

28 Jul '04

We've updated the SURBL Lists document to add information about how to contact MailSecurity with reports about false positives in ph, the anti-phishing list included (only) in multi.surbl.org: http://www.surbl.org/lists.html#ph "Please report false positives on the ph list to: postmaster at corp.mailsecurity.net.au. Be sure to include supporting reasons explaining why the domain should not be listed." Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 0

[SURBL-Announce] ANNOUNCE: How to report false positives in ob.surbl.org to OutBlaze
by Jeff Chan 26 Jul '04

26 Jul '04

We've updated the SURBL Lists document to add information about how to contact OutBlaze with reports about false positives in ob.surbl.org: http://www.surbl.org/lists.html "Please report false positives found in the ob list to postmaster at outblaze dot com. Be sure to include a supporting email explaining why the domain should not be listed." Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 0

[SURBL-Announce] ANNOUNCE: lists.surbl.org added MXer: vmx03.prolocation.net
by Jeff Chan 18 Jul '04

18 Jul '04

We've added another round robin primary MXer for lists.surbl.org, where the SURBL mailing lists are coming from: vmx03.prolocation.net In case anyone is somehow authenticating sending servers, you may need to add this new server to any mail server whitelists, etc. The prolocation addresses and servers are generally not on RBLs, but it has been mentioned that some of their IPs may be listed in SPEWs (which is being checked and corrected if so). We mention this mainly because some people have gotten bounce (delivery failure) notifications from our Mailman (mailing list manager program) lately, and had their mail automatically disabled. To re-enable it, follow the instructions in the notification or visit the lists web site: http://lists.surbl.org/ This could also perhaps have been caused an intermittent problem while the new MXer was propagating in the DNS. lists.surbl.org preference = 10, mail exchanger = vmx01.prolocation.net lists.surbl.org preference = 10, mail exchanger = vmx02.prolocation.net lists.surbl.org preference = 10, mail exchanger = vmx03.prolocation.net lists.surbl.org preference = 100, mail exchanger = mx03.prolocation.net lists.surbl.org preference = 200, mail exchanger = mx01.prolocation.net lists.surbl.org preference = 300, mail exchanger = mx02.prolocation.net lists.surbl.org preference = 500, mail exchanger = mx04.prolocation.net vmx01.prolocation.net internet address = 212.127.254.132 vmx02.prolocation.net internet address = 212.127.254.133 vmx03.prolocation.net internet address = 81.23.230.33 mx03.prolocation.net internet address = 194.171.240.23 mx01.prolocation.net 213.73.255.243 mx02.prolocation.net 213.197.29.6 mx04.prolocation.net 213.206.89.181 Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 0

Welcoming another new public name server
by Jeff Chan 03 Jul '04

03 Jul '04

We'd like to welcome and thank another new public name server administered by: Lindsay Snider of pa.net Without the help of all of our public nameservers and their administrators, SURBLs would not be possible. Thanks all! Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 0

Welcoming a new public name server
by Jeff Chan 02 Jul '04

02 Jul '04

We'd like to welcome and thank a new public name server administered by: Mike Atkinson of kconline.com Without the help of all of our public nameservers and their administrators, SURBLs would not be possible. Thanks Mike, kconline and all! If anyone else would like to provide DNS for SURBLs to the Internet community, please contact us at rsync at surbl.org. :-) Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 0

[SURBL-Announce] ANNOUNCE: New whitelist source: public companies' domains
by Jeff Chan 01 Jul '04

01 Jul '04

I've added a new whitelist source: domains of publically-traded companies listed at dmoz and Google: http://www.dmoz.org/Business/Major_Companies/Publicly_Traded/ http://directory.google.com/Top/Business/Major_Companies/Publicly_Traded/ (Public listing in this context means companies that can sell stock on U.S. exchanges. It includes mostly U.S. and some foreign companies, from large to small.) Each yields lists of about 4300 or so of mostly the same domains which are now all excluded from SURBLs. Here are the extracted dmoz and Google public company domain lists: http://spamcheck.freeapp.net/whitelists/public-companies-domains.dmoz.sort http://spamcheck.freeapp.net/whitelists/public-companies-domains.google.sort The scripts which produce these are at: http://spamcheck.freeapp.net/whitelists/public-companies/grab-dmoz http://spamcheck.freeapp.net/whitelists/public-companies/grab-google They're called from a cron job nightly to help keep the lists up to date. These new whitelists hit only a few production SURBL domains (at 14 out of about 40k records): autoweb.com cott.com egreetings.com fs.com infousa.com insweb.com ivillage.com learningtree.com mediabay.com net.com netcreations.com nutrisystem.com scholastic.com spss.com Interestingly, the 6dos data in ds.surbl.org hit a mostly different set: alloy.com befree.com commtouch.com digitalimpact.com doubleclick.com elsitio.com euniverse.com harrisinteractive.com herbalife.com infousa.com lifeminders.com mediaplex.com ncen.com netcreations.com netiq.com networkcommerce.com pcmall.com real.com uslec.com But the hits against 6dos are also few (at 19 out of about 87k records). Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 0

ANNOUNCE: New SURBL lists: ob, ab, multi
by Jeff Chan 30 Jun '04

30 Jun '04

We are pleased to announce the availability of three new SURBL lists: ob.surbl.org - OutBlaze spamvertised sites ab.surbl.org - AbuseButler spamvertised sites multi.surbl.org - Combined SURBL list ob is a large list of about 20k spamvertised sites kindly provided by OutBlaze and based on data found in their spam traps. ob has a strong spam detection rate of around 70% and a low false positive rate around 0.1%. Only domains that have been registered within the past 90 days are included in ob.surbl.org and this "newness" requirement is probably one of the reasons for the low FP rate, given how quickly spammers use and must discard domains for their web sites. ab is a smaller list of the top 425 or so spamvertised sites over the past 7 days kindly provided by AbuseButler: http://spamvertised.abusebutler.com/ AbuseButler's data sources include SpamCop and native reports. In general philosophy and data processing styles, ab.surbl.org is similar to my own sc.surbl.org which is also based on SpamCop data, and the results of both lists are similar, but not identical. multi is a bitmask-combined version of all of the other lists plus an anti-phishing list provided by Mail Security: http://www.mailsecurity.net.au/ The latter is identified as "ph" and it is not available as a separate list as its size probably does not justify the resources of its own zone file, etc. However the data in ph is important since it represents sites likely to be criminally phishing for personal and financial information. Because list membership in multi.surbl.org is encoded in a bitmasked fashion, results from multi need to be decoded into their constituent lists by programs such as urirhssub in SpamAssassin 3.X. Support for this decoding may be back-ported into the SpamAssassin 2.63 program for using SURBLs, SpamCopURI. We expect that multi.surbl.org will become the list of choice for SURBL use going forward, due to the convenience of getting all list data in a single list, only needing to cache a single zone file, etc. More information about the all SURBL lists can be found at: http://www.surbl.org/lists.html Please feel free to ask questions or leave comments about SURBLs on our discussion list at: http://lists.surbl.org/mailman/listinfo/discuss Please let us know about any false positives at: whitelist at surbl dot org Cheers, Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 0

← Newer
1
...
12
13
14
15
16
17
18
19
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Announce