Discuss

discuss@lists.surbl.org

1864 discussions

Re: [SURBL-Discuss] Feedback on adprofile.net wanted
by List Mail User 11 May '05

11 May '05

>... > >adprofile.net reportedly appeared in a flowers.com ham as: > ><td align="middle"><a href="http://tx.adprofile.net/tx/r?CID=12&M=3&sid=800ABC123"><IMG height=90 >src="http://a1234.g.akamai.net/f/1233/1234/1a/www.1800flowers.com/800f_assets/im… me >too120X90.gif" width="120" NOSEND="1" border="0"></a></td> > >Yet it's listed on WS by Bill Stearns. This may be a false >positive. Does anyone have any more information … [View More]

1 0

Spam dispersed across multiple messages
by Matthew Wilson 11 May '05

11 May '05

Has anyone seen any spams that use two (or more) messages to catch the recipient's eye? E.g.: The first message has cutesy CSS-obfuscated text and maybe a graphic or two, and informs/commands the user to watch for the follow-up email from the same person and with a certain given catchphrase in the subject line The second followup message that arrives a minute or two later is perhaps marked with an identical From: name (but not an identical from address), and perhaps the prophesied … [View More]

2 1

Re: [SURBL-Discuss] multi.surbl.org.rbldnsd Update Times
by Jeff Chan 10 May '05

10 May '05

[off list reply published with Eric's permission] On Monday, May 9, 2005, 9:33:12 AM, Eric Smith wrote: > Found out this morning it was an error in the way we were reporting file > times. Everything is good now. We were piping modified times out to an > HTML page every hour then we check if the page had changed at all in the > last 12 hours. > /E. Cool. BTW if you want to know the actual timestamp of the data, the best way is to look at the zone file serial number. Those … [View More]

1 0

RE: [SURBL-Discuss] newly registered domains
by Chris Santerre 10 May '05

10 May '05

Because they don't take to kindly to anyone doing tons of whois looksups an hour. Trust me ;) --Chris >-----Original Message----- >From: Matthew Wilson [mailto:matthew@boomer.com] >Sent: Monday, May 09, 2005 9:44 AM >To: SURBL Discussion list >Subject: RE: [SURBL-Discuss] newly registered domains > > >Why not integrate a whois date lookup directly into SURBL or URIBL? >Design an encoding system whereby >suspectedspammydomain.spammertld.dr.surbl.org (or uribl.com)… [View More]

3 2

RE: [SURBL-Discuss] newly registered domains
by Chris Santerre 09 May '05

09 May '05

Exactly, and do you have any idea how many of the lookups would be needed per day? I do! Enough to get the uribl dns ip doing the lookups, blocked from the whois servers. People running the whois servers don't really play nice with others. You need to approach them very carefully. APNIC is not going to be to helpful ;) --Chris >-----Original Message----- >From: Matthew Wilson [mailto:matthew@boomer.com] >Sent: Monday, May 09, 2005 1:29 PM >To: SURBL Discussion list >… [View More]

1 0

RE: [SURBL-Discuss] newly registered domains
by Matthew Wilson 09 May '05

09 May '05

I wasn't talking about doing huge numbers of whois lookups; I was saying cache the whois lookups in the a uribl dns zone, encoded using regex. > -----Original Message----- > From: discuss-bounces(a)lists.surbl.org > [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Chris Santerre > Sent: Monday, May 09, 2005 9:20 AM > To: 'SURBL Discussion list' > Subject: RE: [SURBL-Discuss] newly registered domains > > Because they don't take to kindly to anyone doing tons of &… [View More]

1 0

RE: [SURBL-Discuss] newly registered domains
by Matthew Wilson 09 May '05

09 May '05

Why not integrate a whois date lookup directly into SURBL or URIBL? Design an encoding system whereby suspectedspammydomain.spammertld.dr.surbl.org (or uribl.com) would return the date somehow regex encoded in the IP address. Then write a nice SA rule that decodes it, also using regex. Are there any regex geniuses out there that could encode a date in an IP address? -Matthew > Well this has been brought up before. It is a very good idea, > however difficult to implement. … [View More]

1 0

RE: [SURBL-Discuss] newly registered domains
by Chris Santerre 09 May '05

09 May '05

>-----Original Message----- >From: Matthew Wilson [mailto:matthew@boomer.com] >Sent: Sunday, May 08, 2005 9:29 PM >To: Jeff Chan; SURBL Discussion list >Subject: [SURBL-Discuss] newly registered domains > > >Does anyone know of a SA rule to check how recently a domain name has >been registered? > >The various uri lookups catch the vast majority of spammy urls during >the day, but from 2-5 a.m. CST, my servers get hit with tons of spam >with urls that … [View More]

2 1

RE: [SURBL-Discuss] multi.surbl.org.rbldnsd Update Times
by Smith, Eric 09 May '05

09 May '05

When you say several times an hour, does that mean weekends and holidays also? /E. -----Original Message----- From: discuss-bounces(a)lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Jeff Chan Sent: Sunday, May 08, 2005 11:01 AM To: SURBL Discussion list Subject: Re: [SURBL-Discuss] multi.surbl.org.rbldnsd Update Times On Sunday, May 8, 2005, 7:09:11 AM, Eric Smith wrote: > I'm sure this is dependent on the mirror we are pulling the zone from, but > how often is … [View More]

2 1

newly registered domains
by Matthew Wilson 09 May '05

09 May '05

Does anyone know of a SA rule to check how recently a domain name has been registered? The various uri lookups catch the vast majority of spammy urls during the day, but from 2-5 a.m. CST, my servers get hit with tons of spam with urls that aren't in SURBL yet. All of the domains are newly registered domains (registered in the past week or so). I know that the SARE ninjas have some private tools to do this kind of lookup for their feeds and manual lookups, but I'm wondering if this kind … [View More]

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss