-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
not sure how useful this may be, but fyi...
- --j.
- ------- Forwarded Message
> Date: Fri, 22 Jul 2005 22:11:13 -0600
> From: Marcia Blake
>
> This comes to us fresh from the July GoDaddy.com newsletter (naturally,
> in a bit trying to sell longer domain registration terms on
> GuessWhere):
>
> Google recently filed United States Patent Application 20050071741. As
> part of that application, Google made apparent its efforts to wipe out
> search engine spam, stating:
>
> "Valuable (legitimate) domains are often paid for several years in
> advance, while doorway (illegitimate) domains rarely are used for more
> than a year. Therefore, the date when a domain expires in the future
> can be used as a factor in predicting the legitimacy of a domain and,
> thus, the documents associated therewith."
>
> Domains registered for longer periods give the indication, true or
> not, that their owner is legitimate. Google uses a domain's length of
> registration when indexing and ranking a Web site for inclusion in
> their organic search results.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFC4pFrMJF5cimLx9ARAt0CAJ0Rjjd7Owx/ba4AhZzZc1NdmQI6xACeI0L9
FVY5zV+kY5cQuVH/VpEEYrQ=
=w9zn
-----END PGP SIGNATURE-----
Some of these were blacklisted recently, but perhaps shouldn't
be. Do you have any information about these domains?
tim.com.br
7 year old domain, but I can't read Portuguese.
What do they do? Is it possibly legitimate?
callin.net
Korean tech site of some kind. 5.5 years old.
ivyro.net
Korean, 2.5 years old.
drugstorebestbuys.com
Sells prescription drugs. Obviously very high spam potential,
but has been around for about 4 years.
bgreetings.com
Greeting cards. Also potentially spammy, but more than 4 years old.
Jeff C.
--
Don't harm innocent bystanders.
Hi All:
Apologies in advance for off-topic post but it is for a good cause and if
anyone will know an answer, it's most likely to come from the Anti-SPAM
community.
My company is pro bono handling the website and donating all the time to
handle mailing list, web design, paypal coordination, and more for Susan
Torres, a pregnant woman who collapsed from an aneurysm and is brain dead
from a cancer. However, with her wishes and her family's support they are
trying to save her unborn child. The site is
http://www.susantorresfund.org/ if you want to know more.
However, on the more technical side, we have thousands and thousands of
subscribers to the mailing list but AOL started rate limiting us on
Thursday. We are vigilant anti-spammers and run a tight ship so we are not
blacklisted or BUT we aren't whitelisted either. This is causing heavy
queuing and complaints from customers all around.
I have spoken at length to AOL's Postmaster Help Desk but they are telling
me 5 days to 3 weeks to process the whitelist request which we placed on
Friday. In the meantime, our customers are getting mad about their email,
our servers are filling up on deferred emails and there is also major news
expected on Monday the 18th which will make the issue much worse.
The AOL Postmaster Case # is 155527142. The Ticket is 995445. The IP that
needs whitelisting is 209.225.49.10. Anyone who has any contacts that can
help escalate and resolve this issue as soon as possible (and hopefully
before the 18th) would be greatly appreciated.
Thanks in advance,
Kevin A. McGrail aka KAM
Chairman
Peregrine Computer Consultants Corporation
3927 Old Lee Hwy, Suite 102-C
Fairfax City, VA 22030-2422
http://www.pccc.com/
800-823-8402 - 703-359-8451 Fax
kmcgrail(a)pccc.com
The new SURBL data engine is ready enough to start testing. The
external lists such as WS, JP, OB, AB, PH have essentially the
same content as before, but the SC and XS lists are significantly
updated.
The new XS list is twice as large at about 1000 records and the
inclusion is a lot more selective to get more spammers and far
fewer FPs.
The new SC list has about the same 500 or so records based on
report counts, but adds nearly 4000 domains based on their IP
resolutions into the most spammy networks. That's in addition to
my manual blacklist which is also several thousand records now,
but the manual blacklist applies to both old and new lists, so
it's the bad IP domains that are the main change. By design,
they're very spammy; they're pretty much the most spammy of those
reported to SpamCop.
I'd like us to start testing these now. We can simply change XS
over to the new data at some point, but for SC, we should set
up a temporary new domain like sc2.surbl.org so it can be tested
independently of sc. The new lists should be significant
improvements over the old lists, but naturally we should test
the new SC list before putting it into production since sc is
currently live. Would anyone with a public nameserver like to
carry sc2 for testing? It is a temporary zone and will go away
after testing. Please reply off list if you can serve it up.
Perhaps we'll cut over XS when we have SC2 set up so the changes
are more or less simultaneous. Might make testing/stats simpler
to keep track of that way.
Note: please don't start testing sc2 in a major way until we have
several name servers set up. Even then the name servers probably
won't handle large production loads, so it should be tested on
smaller mail servers, test corpora, etc. We'll mention here when
it's ok to start testing.
Comments?
Jeff C.
--
Don't harm innocent bystanders.
>On Friday, July 8, 2005, 4:55:18 PM, Jeff Chan wrote:
>>On Thursday, July 7, 2005, 5:23:53 PM, Jeff Chan wrote:
>>>On Thursday, July 7, 2005, 3:15:18 PM, Frank Ellermann wrote:
>>>>Jeff Chan wrote in
>>>><http://mid.gmane.org/41160649.20050707074952@surbl.org>
>>>>
>>>>>Does anyone know of a new application doing queries against
>>>>>multi.surbl.org by using dnsstuff's web site, as in:
>
>>FWIW Scott has traced the lookups to a very poorly implemented
>>web site checker (probably looking for phishing sites) for Firefox.
>>I'm asking him for more details.
>
>Here is the borkenware:
>
> https://addons.mozilla.org/extensions/moreinfo.php?application=firefox&id=9…
>
>Due to Scott's actions it is no longer functional as written.
>I am leaving a comment on the board there:
>
I saw that addon and came across this:
http://forums.mozillazine.org/viewtopic.php?t=283545
I'm not sure how an auto-update feature would work, perhaps if the ISP
did it for their subscribers, but could this concept be a beneficial
extension to mozilla?
Does anyone know of a new application doing queries against
multi.surbl.org by using dnsstuff's web site, as in:
http://www.DNSstuff.com/tools/lookup.ch?domain=example.com.multi.surbl.org
If so, would you please let them know this is not the right way
to query our SURBL lists.
It's possibly malware, but more likely some new misbehaving
application being run on end user client machines (dsl lines,
etc.).
Jeff C.
--
Don't harm innocent bystanders.
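
The direct form of the lookup discussed in the message above, as an added example (not code from this list or from SURBL): a plain DNS A query for the same name that appears in the dnsstuff URL, with the 127.0.0.x answer decoded using the bit values of SpamAssassin 3.0's URIBL_*_SURBL rules. The two-level suffix table, `constructed_resolver` and the `spam.example` entry are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ZONE = "multi.surbl.org"
# Bit values as used by SpamAssassin 3.0's URIBL_*_SURBL rules.
LIST_BITS = {2: "SC", 4: "WS", 8: "PH", 16: "OB", 32: "AB", 64: "JP"}
# Constructed, deliberately tiny sample of two-level suffixes; a real
# client needs a complete table so that tim.com.br is not cut to com.br.
TWO_LEVEL_SUFFIXES = {"com.br", "co.uk", "com.au"}


def query_name(url, zone=ZONE):
    """Reduce a URL to its registered domain and append the SURBL zone."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # IP literals and single-label hosts have no registered domain to query.
    if len(labels) < 2 or labels[-1].isdigit():
        raise ValueError(f"no registrable domain in {url!r}")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:] + [zone])


def decode(answer):
    """Map a 127.0.0.x answer to the names of the lists that matched."""
    addr = ipaddress.ip_address(answer)
    if addr not in ipaddress.ip_network("127.0.0.0/8"):
        raise ValueError(f"unexpected answer {answer!r}; treat as an error, not a listing")
    mask = addr.packed[-1]
    return [name for bit, name in LIST_BITS.items() if mask & bit]


def lookup(url, resolve=socket.gethostbyname):
    """One DNS A query per domain; a failed resolution means 'not listed'."""
    try:
        return decode(resolve(query_name(url)))
    except socket.gaierror:
        # NXDOMAIN. Other resolver failures land here too, so fail open.
        return []


def constructed_resolver(name):
    """Offline stand-in for DNS with one constructed listing (SC + JP)."""
    if name == "spam.example.multi.surbl.org":
        return "127.0.0.66"
    raise socket.gaierror("NXDOMAIN (constructed)")


if __name__ == "__main__":
    for u in ("http://www.spam.example/buy", "http://www.tim.com.br/"):
        print(query_name(u), lookup(u, resolve=constructed_resolver))
```

Pointing `resolve` at a local caching resolver keeps repeated lookups for the same domain off the public SURBL name servers.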
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
in SC, JP?
- --j.
- ------- Forwarded Message
> Date: Fri, 08 Jul 2005 00:37:03 -0500
> From: Antonio Gallardo <antonio(a)apache.org>
> To: Justin Mason <jm(a)jmason.org>
> Subject: The aimsgroup is a spam source?
>
> Hi Justin:
>
> I am sorry to bother you. I am not subscribed to any SA list. This is
> why I sent this to you directly. The problem is that theaimsgroup.com is
> started to be in SURBL. I wonder why. This is one of the most consulted
> archives in the ASF. I think they are not spamming at all, but you are
> more expert than me in this area. ;-)
>
> The mail contains some links to theaimsgroup.com.
>
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.4 required=5.0 tests=URIBL_JP_SURBL,
> URIBL_SC_SURBL autolearn=no version=3.0.4
> X-Spam-Report:
> * 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
> * [URIs: theaimsgroup.com]
> * 3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
> * [URIs: theaimsgroup.com]
>
> I hope you can send this to the right direction. ;-)
>
> Best Regards,
>
> Antonio Gallardo.
>
> ****************** FULL MAIL HEADER *************************
>
> Return-Path: <pmc-return-476-apmail-antonio=apache.org(a)forrest.apache.org>
> Received: from minotaur.apache.org (minotaur.apache.org [209.237.227.194])
> by ags01.agsoftware.dnsalias.com (8.13.1/8.13.1) with SMTP id j685Mucc0
> 19822
> for <agallardo(a)agssa.net>; Fri, 8 Jul 2005 00:23:02 -0500
> Received: (qmail 13192 invoked by uid 1746); 8 Jul 2005 05:22:54 -0000
> Delivered-To: antonio(a)locus.apache.org
> Received: (qmail 13149 invoked from network); 8 Jul 2005 05:22:54 -0000
> Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
> by minotaur.apache.org with SMTP; 8 Jul 2005 05:22:54 -0000
> Received: (qmail 50553 invoked by uid 500); 8 Jul 2005 05:22:53 -0000
> Delivered-To: apmail-antonio(a)apache.org
> Received: (qmail 50520 invoked by uid 500); 8 Jul 2005 05:22:53 -0000
> Mailing-List: contact pmc-help(a)forrest.apache.org; run by ezmlm
> Precedence: bulk
> list-help: <mailto:pmc-help@forrest.apache.org>
> list-unsubscribe: <mailto:pmc-unsubscribe@forrest.apache.org>
> List-Post: <mailto:pmc@forrest.apache.org>
> Reply-To: "Forrest PMC List" <pmc(a)forrest.apache.org>
> List-Id: <pmc.forrest.apache.org>
> Delivered-To: mailing list pmc(a)forrest.apache.org
> Received: (qmail 50506 invoked by uid 99); 8 Jul 2005 05:22:52 -0000
> Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49)
> by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Jul 2005 22:22:52 -0700
> X-ASF-Spam-Status: No, hits=0.0 required.0
> testsReceived-SPF: pass (asf.osuosl.org: local policy)
> Received: from [165.98.153.184] (HELO ags01.agsoftware.dnsalias.com) (165.98.15
> 3.184)
> by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 Jul 2005 22:22:51 -0700
> Received: from [10.0.0.7] (apoyo.agsoftware.dnsalias.com [10.0.0.7])
> by ags01.agsoftware.dnsalias.com (8.13.1/8.13.1) with ESMTP id j685MdPi
> 019819
> (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits%6 verify=NO)
> for <pmc(a)forrest.apache.org>; Fri, 8 Jul 2005 00:22:44 -0500
> Message-ID: <42CE0D9F.9020505(a)agssa.net>
> Date: Fri, 08 Jul 2005 00:22:39 -0500
> From: Antonio Gallardo <agallardo(a)agssa.net>
> Organization: AG Software, S. A.
> User-Agent: Mozilla Thunderbird 1.0.2-6 (X11/20050513)
> X-Accept-Language: en-us, en
> MIME-Version: 1.0
> To: Forrest PMC List <pmc(a)forrest.apache.org>
> Subject: [SPAM] Re: Preferred list for Commiter Votes
> References: <20050529160659.57878.qmail(a)minotaur.apache.org> <42C6FCAF.4000205@
> Golux.Com> <200507030943.18618.niclas(a)hedhman.org> <8b3ce379050706034241a46d74@
> mail.gmail.com> <8ee0eeb0ed7be5045a3c8f836f6aec60(a)gbiv.com> <42CD5C5B.1030908@G
> olux.Com> <20050708034055.GA23390(a)igg.indexgeo.com.au>
> In-Reply-To: <20050708034055.GA23390(a)igg.indexgeo.com.au>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> Content-Transfer-Encoding: 7bit
> X-Virus-Checked: Checked by ClamAV on apache.org
> X-Spam-Prev-Subject: Re: Preferred list for Commiter Votes
> X-Spam-Flag: YES
> X-Spam-Checker-Version: SpamAssassin 3.0.4 (2005-06-05) on
> ags01.agsoftware.dnsalias.com
> X-Spam-Level: *****
> X-Spam-Status: Yes, score=5.4 required=5.0 tests=URIBL_JP_SURBL,
> URIBL_SC_SURBL autolearn=no version=3.0.4
> X-Spam-Report:
> * 1.5 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
> * [URIs: theaimsgroup.com]
> * 3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
> * [URIs: theaimsgroup.com]
> Content-Length: 573
> Status: O
> X-UID: 328
> X-Keywords:
>
> ***************************************************************************
>
> ------- End of Forwarded Message
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFCzs8sMJF5cimLx9ARAhibAJ42U4cNgE7bHixmzIJ5KmbZHlV+4gCgiiN9
LsxJk98jU9N0TyWd0b+QUa4=
=xrGM
-----END PGP SIGNATURE-----
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Thursday, July 07, 2005 8:24 PM
>To: Frank Ellermann
>Cc: info(a)www.dnsstuff.com; discuss(a)lists.surbl.org
>Subject: Re: [SURBL-Discuss] Re: New application querying dnsstuff?
>
>
>On Thursday, July 7, 2005, 3:15:18 PM, Frank Ellermann wrote:
>> Jeff Chan wrote in
>> <http://mid.gmane.org/41160649.20050707074952@surbl.org>
>
>>> Does anyone know of a new application doing queries against
>>> multi.surbl.org by using dnsstuff's web site, as in:
>
>> No. I just tested it (1), read Bill's reply, tested it again
>> (2), and then I tried the "for details click here link" (3).
>
>> That resulted in an error page about rate limiting. So they
>> do have "something" to limit queries. I can't check it, I'm
>> now blocked - maybe an unnecessary "pragma nocache" caused it.
>
>> Bye, Frank
>
>Scott's deliberately rate limiting queries to try to track back
>the source of them. He's hoping someone will notice their poorly
>written application is breaking and will contact him.
>
>Jeff C.
LOL I need to read my mail faster. I just traded off emails with Scott. Yup,
he says it was a "Phish Blocking" plugin for firefox that was causing it. He
unblocked me.
I can't remember who I email these days, or what the subjects are. I blame
lack of sleep ;)
--Chris (Sony, I hate you and your 1.51 firmware!!!!)
From an older thread, on Thursday, June 16, 2005 2152:
> > >> >20050615-1132 inphonic.com [my original report]
...
> Please take no action on this domain until I get back to the group.
Please add inphonic.com to the SURBLs. Thank you.
I've written to Tripp Donnelly at InPhonic several times and extended my
deadline twice. My final deadline expired at 2:00 pm Eastern time today with no
further response. They appear unwilling to take substantive action at my
request to resolve this matter.
InPhonic has forwarded me two brief emails, indicating that their "marketing
partner" for the June 15th spam above is Rudy or Rootbert Smith. See Spamhaus
Block List 14726 and SBL14683. Regarding 'Clearcut', see SBL20212. Also,
regarding FreeDinnerPass, TheUseful and ExpertSavings, please see SBL19390 and
SBL26183. My research indicates these spammers have cooperated with each other
in the past. They may still be covering for each other today.
Rudy Smith falsely claimed that I agreed to this and other spams because I
signed up for an Olive Garden coupon last August. Unfortunately for him, I keep
track of my web surfing. I have proof that I never gave my direct consent to be
spammed by FreeDinnerPass, 'Clearcut' or anyone else to whom FreeDinnerPass
provided my address.
Again, please add inphonic.com to the SURBLs. Thanks again,
Sean Sowell