>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Thursday, September 09, 2004 5:26 PM
>To: Chris Santerre
>Cc: SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail)
>Subject: Re: Start an IP list to block?
>
>
>On Thursday, September 9, 2004, 1:56:33 PM, Chris Santerre wrote:
>> OK, this isn't the first time we've had this discussion, but
>Raymond and I
>> felt this should be made public again. He ran thru some
>tests of 1500+
>> domains and found the following data. Looks like they maybe send from
>> zombies, and never their hosts. IPs are similar across the board.
>
>> So is there a way to use the IP info in a good way? Could SA
>or SURBL do a
>> quick ping of the URL and match against a URL? This would
>allow us to simply
>> list 1 IP instead of all these domains.
>
>> (I'm well aware of virtual hosts! So only the filthiest of
>spammers would be
>> put on this IP list. Then their IP better boot them or
>anyone hosted on that
>> box would feel the rath of SURBL.)
>
>Yes, we've already discussed reasons why we're using only the
>data actually found in spam URIs. The potential for collateral
>damage in looking at resolved IPs is too high.
>
>It would be very easy for a large hosting provider to have 1
>bad guy sharing a web server with 100 or 1000 non-spammers.
>Given that we can't see those other 100 or 1000, it would be
>very easy for us to add that 1 IP address and block the
>other 100 or 1000 *without even knowing it*.
>
>It is a question about the limits of knowledge. In our
>universe we can't see the potential collateral damage from
>listing a shared host, so we should not do it. From our
>point of view it's not knowable. Sure the hosting company
>knows whether that's the case, but we can't.
>
>I'd encourage people with questions like this to read up or
>take some classes on epistemology or the theory of knowledge.
>Or just contemplate the possibilities harder... ;-)
LOL, I love our conversations ;)
Well when I said filthy, I meant down right Christina Aguleira raunchy
spammers! The drippiest of rotten stinking spammers. Basically those hosted
by spam friendly hosts. This is a step I was sure you would not want to do,
but I can think of a ton on the SPAM-L list who would jump at the chance.
Makes ISPs become more responsible.
However this is just theory discussion anyway...or is it :p
--Chris