Discuss September 2004

discuss@lists.surbl.org

62 participants
229 discussions

RE: uribl.cgi broken?
by Dallas L. Engelken 02 Sep '04

02 Sep '04

> > Hi Dallas, > > after more than a month I'm back on-line... so I returned to > my usual SURBL reporting for Bill's list using > http://www.rulesemporium.com/cgi-bin/uribl.cgi > > However, for some reason, I can't post any domain name ending in '.ar' > (Argentina, my country) in the bl check form. > Looks like whois lookups to AR.WHOIS-SERVERS.NET do not work... Anyone know where I can do whois lookups for .AR domains at??? > I tried cursosuba-REMOVETHIS.com.ar and I get a '500 server > error' page saying: > ============================================================= > Server error! > Ya, I just added an eval() to the whois() call to prevent failures to connect to whois servers from killing the script. You shouldn't have any problems now. > > I also tried other valid and invalid domains in .ar and I > allways go the same result. > > I don't know if you upgraded something or if something went > foobar, but about a month ago, that was running just fine. > We just recently added the whois lookup info.. So we can see how old a particular domain is quickly. Thanks, Dallas

2 2

Re: Applying SURBL against blog comment spammers
by Jeff Chan 02 Sep '04

02 Sep '04

On Wednesday, September 1, 2004, 11:25:40 PM, Matthew Hunter wrote: > I just whipped up some code to reject trackback/comment spam > using a SURBL as a data source. Unfortunately, the people > spamming my weblogs aren't in multi.surbl.org, so I will have to > maintain my own local blacklist server. > The single most useful thing that could be done wrt fighting spam > in weblogs would be an SURBL source that had the offending > domains in it. I would offer to make mine public, but I don't > have the IP to spare at the moment... > Does anyone know of an appropriate SURBL list? Hi Matthew, We could perhaps set up a separate SURBL for blog spammers. It would be a slight shift in focus since the other SURBLs are all for email spam. Can you give an idea of how many records you have? Also have you tried Jay Allen's MT-Blacklist/Comment Spam list: http://www.jayallen.org/comment_spam/ It would be interesting to look at your data to see if there's much overlap with our existing lists. In the case of Jay's data, there's nearly none. Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

4 4

RE: [SURBL-Discuss] Proposing a greylist
by Chris Santerre 02 Sep '04

02 Sep '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Thursday, September 02, 2004 10:45 AM >To: SURBL Discuss >Subject: Re: [SURBL-Discuss] Proposing a greylist > > >On Thursday, September 2, 2004, 7:09:27 AM, Chris Santerre wrote: >> I am officially proposing a greylist surbl. > >> We are going to see more and more of this stuff. We might as >well deal with >> it now. I'm suggesting a greylist for all spammers that ride >that line. Like >> the euniverse junk we have been talking about. > >> 1)We DO NOT include it in multi. >> 2)We SCREAM to the world that it WILL hit some legit, and >that only hard >> liners should use. >> 3)We DON'T remove domains unless they go completely black, >or have no NANAS >> hits for 3-4 months. >> 4)See number 2 again. >> 5)We tell people it is completely optional and to see number 2. > >> I predict it would be used more for personal emails. IT also >gives us an in >> between mechanism. Rather then list or no list. We get a grey list we >> desperately need. > >I'd rather focus on black lists for the upstream mail servers. I know, but we need some middle ground. Take the chokepoints ;) > >Greylists are messier, more time-consuming, difficult to >categorize, error-prone, controversial, and subjective >than black or white lists. We can already see how much >effort a few borderline cases consume. Creating and >maintaining these as a third category would multiply that. Actually I find it LESS time consuming! While we are figuring out what to do, we simply drop them into the grey list. I think it would take far less time! Someone submitts them again, we can see they have already been greylisted, gives reviewers more info. I see this being no more work then we already do. We just get a third option. > >If we make greylists, they will be misapplied, legitimate >mails will be blocked, people will (somewhat rightly) >complain, and our reputation will be damaged. > We can never provide a technical solution to stupidity. Misuse of the list is NOT our problem. It really isn't. I think the creation of a greylist will HELP our reputation. Right now people say "How come they don't list XXXXX.com?" or "I keep getting these and submitting but you won't list!" Well now we could say, use the greylist, but it WILL block legit emails. We won't skirt around that at all. Flat out tell people that the domains listed in the grey list do have legit uses, but also send spam. Choice is theirs. >I know it would perhaps be more fun to play the "find every >spammer" game, but I think we should instead focus on >improving the quality of the data we already have. You have to read my signiture quote again. I'm thinking of how Mr.Spammy is going to deal with his SURBL problem. He is going to host some legit sites. > >When we can get the FP rate of WS below 0.01%, then maybe >we can think about greylists.... ;-) > >Jeff C. That is our goal. And we are a hell of a lot more responsive then other RBLs are. greylisting is our future. Hell I'll maintain it alone if you want! Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin

1 0

uribl.cgi broken?
by Mariano Absatz 02 Sep '04

02 Sep '04

Hi Dallas, after more than a month I'm back on-line... so I returned to my usual SURBL reporting for Bill's list using http://www.rulesemporium.com/cgi-bin/uribl.cgi However, for some reason, I can't post any domain name ending in '.ar' (Argentina, my country) in the bl check form. I tried cursosuba-REMOVETHIS.com.ar and I get a '500 server error' page saying: ============================================================= Server error! The server encountered an internal error and was unable to complete your request. Error message: Premature end of script headers: uribl.cgi If you think this is a server error, please contact the webmaster Error 500 www.rulesemporium.com Thu 02 Sep 2004 10:09:30 AM CDT Apache ============================================================= I also tried other valid and invalid domains in .ar and I allways go the same result. I don't know if you upgraded something or if something went foobar, but about a month ago, that was running just fine. TIA -- Mariano Absatz - El Baby el (dot) baby (AT) gmail (dot) com el (punto) baby (ARROBA:@) gmail (punto) com

1 0

RE: [SURBL-Discuss] RE: Applying SURBL against blog comment spamm ers
by Chris Santerre 02 Sep '04

02 Sep '04

>-----Original Message----- >From: Rob McEwen [mailto:rob@powerviewsystems.com] >Sent: Thursday, September 02, 2004 9:54 AM >To: 'SURBL Discussion list'; 'Jeff Chan'; 'SATalk' >Subject: RE: [SURBL-Discuss] RE: Applying SURBL against blog comment >spammers > > >>SO I say, go ahead and add them. > >Chris... where have you been? We have had extensive >discussions recently >where we all concluded that we have to make getting the FPs >down a priority >and the only way to do this is to (gulp), allow some >graymarketers loose >(those who do a some or much spamming but who do have some >legitimate uses). >It wasn't an easy decision... but the need to get SURBL to a >"set it and >forget it" point is mission critical. > >>However I would like to see an example of a spam'd blog. > >Happens all the time in the comments section of these blogs. >Not often with >blogger.com, more often with Moveable Type blogs because (1) >these link to >the comments section, (2) the comments section is usually >permanent with MT, >and (3) these comments then get indexed by search engines. > >It is this last thing that is key. These blog spammers don't >seriously think >that they are going to sell much based on human beings viewing >their spam. >They just want search engine position because Google sees a link from >such-in-such blog to the spammers web site as a "vote" by >such-in-such blog >for that spammers site, thus raising the spammer's site's rankings on >Google. > >Mischievous... but a very powerful marketing technique! > >For examples, see the following: > >http://www.google.com/search?hl=en&ie=UTF-8&q=%22diet+pills%22+ PERFECT!!! So adding these would cause us FPs? You are invited to check some helpful info dedicated to http://www.bestonline-site.com/ weight loss http://www.poker-4u.net/ poker http://www.casino-121.net/ casino http://www.casino747.net/ casino http://www.casino-wins.net/ casino http://www.poker121.net/ poker http://www.worldwide-sites.net/ casino http://www.online-consultation24x7.com/ diet pills http://www.online-scores24x7.com/ poker http://www.weightloss-4me.net/ weight loss http://www.diet-pills-24x7.net/ diet pills http://www.weightloss2004.net/ weight loss http://www.weight-loss-24x7.net/ weight loss http://www.worldwide-diet-pillsl.net/ diet pills http://www.weight-loss-4me.net/ weight loss http://www.discounts24x7.net/ weight loss http://www.poker-winner.net/ poker http://www.casinoplaces.net/ casino http://www.bestgames-winner.net/ casino http://www.dietpillssite.net/ diet pills http://www.bestonline-medication.net/ diet pills http://www.worldwide-weight-loss.net/ weight loss http://www.pokerkingdom.net/ poker http://www.bestdeals-winner.net/ poker Those are right from your examples :) I say it is a great source of domains! And I just removed a few 1000s of domains the other day in the interest of less FPs! Where have you been? :) On greylists.....see my other post. --Chris

2 1

RE: [SURBL-Discuss] Whitelist Please
by Chris Santerre 02 Sep '04

02 Sep '04

Uh...I'm confused. So you did or did not whitelist all of these. I would have thought that this one link would have been enough. Confused :) Flogo sucks donkey doughnuts. HOWEVER there are lusers who sign up for it. I would not list them. But some of these other domains, I would list. euniverse is not squeeky clean. --Chris >-----Original Message----- >From: Chris Santerre [mailto:csanterre@merchantsoverseas.com] >Sent: Wednesday, September 01, 2004 3:14 PM >To: 'Jeff Chan'; 'SURBL Discussion list' >Subject: RE: [SURBL-Discuss] Whitelist Please > > >Good grief NO! > >http://www.dietingplans.com/images/TSAE001.jpg > >I would definitely NOT get into the habit of whitelisting >other domains. One >at a time! Especially ones like these!! > >--Chris > >>-----Original Message----- >>From: Jeff Chan [mailto:jeffc@surbl.org] >>Sent: Wednesday, September 01, 2004 2:42 PM >>To: SURBL-List >>Subject: Re: [SURBL-Discuss] Whitelist Please >> >> >>On Wednesday, September 1, 2004, 5:47:11 AM, Bitz Bitz wrote: >>> http://www.funnygreetings.com >> >>> Listed at WS_URI_RBL >> >>> X-Spam-Status: No, hits=5.1 required=10.0 >tests=RATWR10_MESSID=0.111, >>> WS_URI_RBL=5 >> >>> Thanks, >>> -b. >> >>I've whitelisted: funnygreetings.com >> >>It belongs to euniverse. I've added it to these other euniverse >>domains: >> >>euniverse.com >>flowgo.com >>skilljam.com >>cupidjunction.com >>dietingplans.com >>intelligentx.com >>netlaughter.com >>cutestuf.com >>madblast.com >>infobeat.com >>gossipflash.com >>funnygreetings.com >> >>Jeff C. >> >>_______________________________________________ >>Discuss mailing list >>Discuss(a)lists.surbl.org >>http://lists.surbl.org/mailman/listinfo/discuss >> >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

2 1

Re: [SURBL-Discuss] To MUNGE to not to MUNGE
by Rob 02 Sep '04

02 Sep '04

Currently, I do whitelist this list, but... ...and maybe I'm getting paranold here... What happens if spammers start adding SURBL tolkins to their spam? (like "lists.surbl.org") Are there not situations here which could defeat our whitelisting and force us back to munging anyway? BTW... SallyFoster.com is still listed at ws.surbl.org ...how soon can I expect it to be removed? (see earlier posts for background). Rob McEwen

5 5

FP: bankline.itau.com.br
by Alex Broens (Ninja Trainee) 01 Sep '04

01 Sep '04

Pls whitelist "bankline.itauMUNGED.com.br" Valid Bank Account Info was filtered out incorrectly. Assume Phising abuse, but..... http://www.itau.com.br/ (a genuine bank) Lots of NANAS entries..... If not willing to whitelist, pls let em know and I'll WL on my side Thanks Alex ----------------------------------------------------------- * 3.0 WS_URI_RBL URI's domain appears in ws database at ws.surbl.org * [banklineMUNGED.itauMUNGED.com.br is blacklisted in URI RBL] [at multi.surbl.org] ------------------------ Return-path: <itaumail(a)itau.com.br> Received: from servicos.itauMUNGED.com.br ([200.246.143.230]) by server.domain.tld (server.domain.tld) with ESMTP id 01-md50000009120.msg for <munged(a)munged.tld>; Wed, 01 Sep 2004 20:23:57 +0200 Received: from mail pickup service by servicos.itau.com.br with Microsoft SMTPSVC; Wed, 1 Sep 2004 15:23:34 -0300 From: <itaumail(a)itauMUNGED.com.br> To: <munged(a)munged.tld> Subject: [***SPAM***] Extrato ITAU 20891-0 AG 1170 Date: Wed, 1 Sep 2004 15:23:34 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_15E2_01C49037.A5579D00" X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Message-ID: <SIWT001CTOqqgNjWOiy0001af6b(a)servicos.itau.com.br> X-OriginalArrivalTime: 01 Sep 2004 18:23:34.0652 (UTC) FILETIME=[CABF13C0:01C49050] ------------------------- -> itau.com.br. type = A, class = 1, ttl = 86400, dlen = 4 IP address = 200.246.143.40 [ Informations about 200.246.143.40 ] IP range : 200.246.143.0 - 200.246.143.255 Infos : BANCO ITAU S.A. Infos : Av do Estado, 5533, 2A Infos : 03105-000 - Sao Paulo - SP Country : Brazil (BR) Abuse E-mail : abuse(a)embratel.net.br Source : BRNIC ------------------------

2 1

FP: banklineMUNGED-DOTitauMUNGED-DOTcomMUNGED-DOTbr
by Alex Broens (Ninja Trainee) 01 Sep '04

01 Sep '04

Seems the first try enver made it to the list...... Second try..... ---------------------------------------------------------------- Pls whitelist "bankline.itauMUNGED.com.br" Valid Bank Account Info was filtered out incorrectly. Assume Phising abuse, but..... http://www.itau.com.br/ (a genuine Brasilian bank) Lots of NANAS entries..... If not willing to whitelist, pls let me know and I'll WL on my side. Thanks Alex ----------------------------------------------------------- * 3.0 WS_URI_RBL URI's domain appears in ws database at ws.surbl.org * [banklineMUNGED.itauMUNGED.com.br is blacklisted in URI RBL] [at multi.surbl.org] ------------------------ Return-path: <itaumail(a)itau.com.br> Received: from servicos.itauMUNGED.com.br ([200.246.143.230]) by server.domain.tld (server.domain.tld) with ESMTP id 01-md50000009120.msg for <munged(a)munged.tld>; Wed, 01 Sep 2004 20:23:57 +0200 Received: from mail pickup service by servicos.itau.com.br with Microsoft SMTPSVC; Wed, 1 Sep 2004 15:23:34 -0300 From: <itaumail(a)itauMUNGED.com.br> To: <munged(a)munged.tld> Subject: [***SPAM***] Extrato ITAU 20891-0 AG 1170 Date: Wed, 1 Sep 2004 15:23:34 -0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_15E2_01C49037.A5579D00" X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Message-ID: <SIWT001CTOqqgNjWOiy0001af6b(a)servicos.itau.com.br> X-OriginalArrivalTime: 01 Sep 2004 18:23:34.0652 (UTC) FILETIME=[CABF13C0:01C49050] ------------------------- -> itau.comMUNGED-DOTbr. type = A, class = 1, ttl = 86400, dlen = 4 IP address = 200.246.143.40 [ Informations about 200.246.143.40 ] IP range : 200.246.143.0 - 200.246.143.255 Infos : BANCO ITAU S.A. Infos : Av do Estado, 5533, 2A Infos : 03105-000 - Sao Paulo - SP Country : Brazil (BR) Abuse E-mail : abuse(a)embratel.net.br Source : BRNIC ------------------------

1 0

Re: [SURBL-Discuss] Whitelist Please
by Rob McEwen 01 Sep '04

01 Sep '04

RE: funnygreetings.com Forgive me for my ignorance, but would someone please explain the rational for whitelisting funnygreetings.com in the first place. Unlike most here, I use a different program and I don't understand those spamassassin reports... moreover, are there really significant reasons to whitelist funnygreetings.com? Did someone's client complain about missing a message? I fear that this may be the quintessential situation that Jeff probably doesn't want to have to deal with... a hardcore spammer who does have a few legitimate services. It won't hurt my feelings if that list of domains gets removed from SURBL or even gets whitelisted, but I will definitely blacklist them locally on my server. Also, it would be nice to get a little more justification for their remove from SURBL... unless, of course, this is just a case of me not understanding that SpamAssassin report :) Rob McEwen

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss September 2004