Please test the MailPolice Fraud list as Bill described earlier
(copied below). We would like to include this data in our
PH anti-phishing list, but request your help in testing it
first.
We're particularly interested in any false positives.
Jeff C.
__
This is a list that MailPolice hosts and I have been running it for a few
hours and it has already flagged some phish and fraud e-mails. Here is some
info about the list: http://rhs.mailpolice.com/#rhsfraud
This is my configuration for SA 2.64 with the SpamCopURI plug-in:
uri MP_URI_RBL eval:check_spamcop_uri_rbl('fraud.rhs.mailpolice.com','127.0.0.2')
describe MP_URI_RBL URI's domain appears in MailPolice fraud list
tflags MP_URI_RBL net
score MP_URI_RBL 2.0
And for SA 3.0 with the URIDNSBL plug-in:
urirhsbl URIBL_MP fraud.rhs.mailpolice.com. A
header URIBL_MP eval:check_uridnsbl('URIBL_MP')
describe URIBL_MP URI's domain appears in MailPolice fraud list
tflags URIBL_MP net
score URIBL_MP 2.0
Bill
FWIW I've announced these lists on spamassassin-dev and
spamassassin-users. Hopefully we will get some additional
interested folks to join in.
Jeff C.
__
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
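Added example, not part of the original messages and not MailPolice or SpamAssassin code: a small harness for the false-positive test requested above. It extracts URI hosts from known-ham messages and looks them up in the RHS zone from Bill's configuration. The two/three-label domain heuristic, the function names and the sample data are assumptions made for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

ZONE = "fraud.rhs.mailpolice.com"  # zone named in the configuration above
LISTED = "127.0.0.2"               # answer the SA 2.64 rule treats as listed
URI_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def uri_hosts(text):
    """Lowercased host names of the http(s) URIs in a message body."""
    hosts = set()
    for uri in URI_RE.findall(text):
        try:
            host = urlsplit(uri).hostname
        except ValueError:          # malformed URI, nothing to look up
            continue
        if host and not re.fullmatch(r"[\d.]+", host):  # skip IPv4 literals
            hosts.add(host.rstrip("."))
    return hosts

def candidates(host):
    """Assumed heuristic: query the last two and the last three labels."""
    labels = host.split(".")
    return {".".join(labels[-n:]) for n in (2, 3) if len(labels) >= n}

def dns_a(name):
    """Live lookup: A records for name, empty list if it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def listed_domains(text, resolve=dns_a, zone=ZONE):
    """Domains from the message's URIs that the zone answers LISTED for."""
    return {dom for host in uri_hosts(text) for dom in candidates(host)
            if LISTED in resolve(f"{dom}.{zone}")}

def false_positives(ham_bodies, resolve=dns_a):
    """Index -> listed domains, for messages already known to be ham."""
    report = {i: sorted(listed_domains(b, resolve)) for i, b in enumerate(ham_bodies)}
    return {i: doms for i, doms in report.items() if doms}

# Constructed sample data: a fake zone and two ham messages, so this runs offline.
FAKE_ZONE = {"newsletter.example." + ZONE: [LISTED]}
HAM = ["Minutes attached, see https://intranet.corp.example/minutes",
       "Your issue is ready: http://www.newsletter.example/issue/12"]

def fake_resolve(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    print(false_positives(HAM, fake_resolve))
```

Calling false_positives() without the resolve argument performs live DNS lookups against the zone; any entry in the report is a domain found in ham and therefore a candidate false positive.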
Hi,
I've just uploaded to sourceforge the first version of a spamvertised
URIs pre-queue filter for Postfix.
It's simple and effective. It will analyse the message before it
enters the queue and, in case of a listed url, it will REJECT the
message and the sending client will take the proper actions.
http://prdownloads.sourceforge.net/pf-aux/suriproxy-0.8.tar.gz?download
See the readme file for instructions.
I can't assure how stable it is at the moment, that's why I am asking
some feedback. What do you think?
--
Yves Junqueira
http://www.lynx.com.br
quickinspirations.com
Thoughts on this guy? 48 NANAS hits. Listed in dnsbl.njabl.org
Didn't we already classify this? I wonder if we can get a crossref lookup of
the global whitelist, so we can see what has already been whitelisted.
I believe this is a spammer in sheep's clothing. But it fools people into
signing up for a stupid inspiration newsletter. But the subjects of the
newsletter are stuff like:
Subject: Get a Credit Report Instantly!
Then an inspiration quote, then a big ad. I think we may see more of this in
the future.
I think it is a UC candidate. Do we have enough listed in UC for testing
yet?
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
>-----Original Message-----
>From: Patrik Nilsson [mailto:patrik@patrik.com]
>Sent: Thursday, September 30, 2004 4:55 PM
>To: SURBL Discussion list
>Subject: RE: [SURBL-Discuss] Help classify quickinspirations.com
>
>
>At 09:25 2004-09-30 -0700, Bret Miller wrote:
>> > quickinspirations.com
>>
>>When this one came up here, every person who received it classified it
>>as spam when I asked and so it remains that in my mind.
>
>And I still haven't seen any response actually arguing a real
>reason why
>quickinspirations.com should be whitelisted.
>
>We're not just whitelisting domains because someone, who doesn't even
>bother to argue why, asks us to, do we?
>
>"This is reported as spam, looks like spam and smells like
>spam, but we
>will whitelist it just because it might be caught by other
>antispam systems
>anyway" isn't a very convincing argument.
>
^LOL^ Oh I'm not commenting on that one ;)
I'll let Jeff explain it, because I still don't understand this one.
--Chris
ds.surbl.org was an experimental list which is no longer getting
any hits. We were serving it on a few name servers as a separate
test list. I'd like to shut it down. Does anyone have any
comments about doing that?
If in future the folks behind the data are able to make a slice
of it that only has pure spammers, then perhaps we may use it,
but they don't appear to be moving in that direction currently.
Jeff C.
--
"If it appears in hams, then don't list it."
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Thursday, September 30, 2004 12:54 AM
>To: 'SURBL Discussion list'
>Subject: Re: [SURBL-Discuss] Help classify quickinspirations.com
>
>
>On Wednesday, September 29, 2004, 7:34:53 PM, Jeff Chan wrote:
>> Most of these sites have open subscription forms, which invites
>> abuse. If they have any kind of incentive programs for
>> "affiliates" or anything like that, then that plus open
>> subscriptions would *beg* for abuse.
>
>> That said, SBL does not list quickinspirations.com name servers
>> or web site, etc. But NJABL does, and so do some others.
>
>OK I took a look at the NANAS hits, and all quickinspirations
>mail seems to be sent from the same /27:
>
>64.37.73.212 64.37.73.221 64.37.73.218 64.37.73.214
>64.37.73.211 64.37.73.217 ...
>
>So if you block 64.37.73.192/27 or RBL it, ***you'll probably
>never see any mail from quickinspirations ever again***.
And anyone else who might be hosted on those servers. :)
>
>Since these can be trivially blocked using regular RBLs or access
>lists these probably aren't great SURBL candidates to begin with.
>
Trivial yes, but some people may prefer to use SURBL for this as it is
'safer' because it only blocks based on the domain. You yourself have said
this about IPs.
>The same cannot be said of spammers using zombies.
Yes, but we are targeting spammers, not just spammers using zombies :)
I'm wondering if we relist it, how long it would be until we heard someone
complain. I'm only making this kind of a big deal because I think we will
see this method grow.
Hell what is to stop the spammer from getting his sister to complain to us
that she signed up for this newsletter and it needs to be whitelisted?
Something to consider is weighting the whitelist requests for domains that
don't feel right like this one. One request for a domain like this may not
cut the mustard. 3...OK.
--Chris
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Sunday, September 26, 2004 11:50 PM
>To: SURBL Discuss
>Subject: Re: [SPAM-TAG] [SURBL-Discuss] Spammer threatening to
>sue single4you.net
>
>
>On Sunday, September 26, 2004, 8:35:40 PM, Joe Wein wrote:
>> "Jeff Chan" <jeffc(a)surbl.org>
>>> But that's not the question. The question is: does the domain
>>> have legitimate uses. If so we shouldn't list it. We should not
>>> list domains that have legitimate uses, even if they do send
>>> in some spam.
>
>> Hi Jeff,
>
>> the latest emails from Mr. Schiffer were much more friendly
>in tone. He also
>> admitted that he was only bluffing when he talked about
>legal action, as he
>> really does not have any money for that.
>
>> I have removed his listing and let him know about that. I
>hope he learnt
>> something from it.
>
>> I probably wouldn't have removed the domain without your
>reminder. Looking
>> at this case I realise how difficult it really is for
>submitters *not* to
>> list spammers who may have some legitimate uses.
>
>> Joe
>
>Thanks Joe. Hopefully he's learned his lesson.
>
What the hell?? I just read this whole thread! I would not have taken this
guy off! No way in hell!!!!! Ray, add this yahoo to UC please!
The domain is brand new, sends spam, and screams about getting listed! How
the hell can he be legit! Did you guys read the NANAS listings that showed
his wonderful emails?
These are just the ones reported. He 'purchased' a list. So none of these
were opt in.
This is not the last we will hear of this guy. I think taking him off is a
mistake. And IF he does it again, I'll report his a$$ to every RBL I can
find, simply because you guys removed this idiot.
--Chris (Jaded, fed up, and tired of the BS.)
>-----Original Message-----
>From: Alex Broens [mailto:surbl@alexb.ch]
>Sent: Thursday, September 30, 2004 3:35 PM
>To: SURBL Discussion list
>Subject: Re: [SURBL-Discuss] FP: smithbarney.com
>
>
>Rob McEwen wrote:
>> FP: smithbarney.com
>>
>> (followup comments)
>>
>> I was trying to think... how did this one get on there? It
>seems like it
>> just barely missed the various institutional-based whitelists.
>>
>> I did a search of this on alexa.com and their site is ranked
>just inside the
>> top 20,000 web sites.
>>
>> SEE:
>> http://www.alexa.com/data/details/?url=smithbarney.com
>>
>> Then I thought, wouldn't it be interesting to run the top
>20,000 Alexa sites
>> against SURBL... double-check whichever of these are
>currently getting
>> "caught" by SURBL. Remove any which should be removed, (I'm
>sure at least a
>> few would remain in SURBL??). Then whitelist all of the 20k
>that haven't
>> been specifically determined as needing to remain in SURBL.
>
>Guys......
>SURBL is used by the world, not only the US
>
>Alexa.com doesn't have the best of reputations on this side of
>the pond.
>
>Their Privacy Policy is dubious:
>--------------
>ALEXA'S TOOLBAR SERVICE COLLECTS AND STORES INFORMATION ABOUT THE WEB
>PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS,
>AND, WITH VERSIONS 5.0 AND HIGHER, THE PRODUCTS YOU PURCHASE ONLINE
>WHILE USING THE TOOLBAR SERVICE. ALTHOUGH ALEXA DOES NOT ATTEMPT TO
>ANALYZE WEB USAGE DATA TO DETERMINE THE IDENTITY OF ANY ALEXA
>USER, SOME
>INFORMATION COLLECTED BY THE TOOLBAR SERVICE IS PERSONALLY
>IDENTIFIABLE.
>ALEXA AGGREGATES AND ANALYZES THE INFORMATION IT COLLECTS TO
>IMPROVE ITS
>SERVICE AND TO PREPARE REPORTS ABOUT AGGREGATE WEB USAGE AND SHOPPING
>HABITS.
>---------------
>more @ http://pages.alexa.com/help/privacy.html
>
>
>Pls don't force whitelisting more than necessary, or put these domains
>in your site's whitelist but spare us whitelisting their associates as
>much as possible
>
>Alex
I agree. smithbarney should NEVER have been added! Whitelist them. Flog the
person that added them.
--Chris (*breaks out the riding crop*)