From raymond@prolocation.net Wed Jun 16 20:45:04 2004
From: Raymond Dijkxhoorn <raymond@prolocation.net>
To: discuss@lists.surbl.org
Subject: Re: [SURBL-Discuss] proxypots
Date: Wed, 16 Jun 2004 20:45:03 +0200
Message-ID: <Pine.LNX.4.44.0406162043570.13590-100000@mailbox.prolocation.net>
In-Reply-To: <20040616183927.4CECE590006@radish.jmason.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7210243880778355368=="

--===============7210243880778355368==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit

Hi Justin,

> All of those are "www.{RANDOMWORD}.{com|net|org}".   Eventually there's
> one real link, which *is* SURBL-listed.  These are chaff.
> 
> Now, SORBS for one seems to be listing some of these sites; presumably
> because they have a spamtrap-driven feed without enough human moderation.
> That's the danger here.
> 
> 
> (btw, there's arguments to be made that a better selection mechanism
> can "weed those out", but that needs to be careful too.
> 
> - - Ignore .org/.net/.com?  spammer will use .biz, .info, and ccTLDs.
> - - Ignore 0-length links (<a href=...></a>)?  spammer will change
>   to use <a href=...>{RANDOMWORD}</a>.
> - - Ignore "dictionary words" somehow?  spammer will use random URLs
>   from google, so "real" sites.
> 
> so I don't think those approaches have much merit alone.)

Its 'just' a extra source, ... on mu pot i found a couple domains that 
were indeed spammer domains but not listed yet. It involves some manual 
action but i think its nice additions.

Bye,
Raymond.

--===============7210243880778355368==--