Discuss

discuss@lists.surbl.org

2 participants
1870 discussions

RE: Geocities (Spammers, Joe Jobbers, & Pron Spam)
by Rob McEwen 15 Dec '04

15 Dec '04

RE: Geocities (Spammers, Joe Jobbers, & Pron Spam) Over the past few months, I've had an enormous amount of problems with e-mail which either: --was spam advertising a geocities hosted web site --was child-pron spam advertising a geocities... --was one of the previous two, but a joe jobs against me (interestingly, the joe jobs against me started just AFTER I began reporting the child-pron spams... I wonder if my complaint e-mails to geocities were "shared" with the wrong people?) I know that Geocities does police their system and they do kick off spammers and kiddie-pron. However, it is getting to the point out of all the mail coming to my server which contain a geocities address, at least half of these fit into one of these categories. Also, new geocities sites involved in this behavior pop up just as fast at the old accounts are terminated. (BTW - one common tactic is for the homes page to still be the initial splash page and the actual child pron content is then "buried" inside. The Geocities admins need to know this and "dig deeper" to keep this stuff out on the front end of the process.) Maybe if enough of the right people get this message, Geocities will clean up their act? Any suggestions? Rob McEwen

2 1

foothill .net Joe jobbed?
by Chris Santerre 15 Dec '04

15 Dec '04

I see lots of NANAE and NANAS hits for foothill .net, but they all seem to be Joe Jobs. Anyone know why? Are they legit? They have requested removal from SURBL listing. I'm leaning towards removal at this point. Chris Santerre System Admin and SARE/SURBL Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin

3 3

RE: MISC: rm04.net, silverpop.com
by Chris Santerre 14 Dec '04

14 Dec '04

>-----Original Message----- >From: Todd Vierling [mailto:tv@DUH.ORG] >Sent: Tuesday, December 14, 2004 10:30 AM >To: SPAM-L(a)PEACH.EASE.LSOFT.COM >Subject: Re: MISC: rm04.net, silverpop.com > > >On Tue, 14 Dec 2004, Chris Santerre wrote: > >> This morning I received a spam from silverpop. They have >been known to be >> pretty whitehat. > >Interesting planet on which you live. They've been blanket >blocked here >due to severe lack of closed-loop confirmation since early 2003, and to >this day, they still try to whack my server several times a month. 8-) > >-- >-- Todd Vierling <tv(a)duh.org> <tv(a)pobox.com> I just got off the phone with Mr. Roberts. He is very pleasant. He even knows you Todd :) He is looking into the UCE I received this morning. They still seem white'ish in my eyes. Will see what happens. --Chris

1 0

Thunderbird and SURBL?
by Chris Santerre 14 Dec '04

14 Dec '04

Thinking out loud.... Anyone have contact with thunderbird devs? Could a pop proxy be used to check emails being downloaded by thunderbird on SURBL, then decline to download the ones that hit? Obviously with whitelist bypasses? Then the user could use a web client to delete spams without downloading? Or whatever..... Chris Santerre System Admin and SARE/SURBL Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin

2 1

RE: [SURBL-Discuss] surebase.com?
by Chris Santerre 13 Dec '04

13 Dec '04

> >I don't think Deerfield has anything to do with surebase.com >except as registrar, or it's a joe job against Deerfield. > That was my first thought as well. --Chris

1 0

surebase.com?
by Jeff Chan 12 Dec '04

12 Dec '04

Anyone heard of: Deerfield Communications Inc. 4241 Old U.S. 27 South Gaylord, MI 49735 US Domain Name: SUREBASE.COM Administrative Contact - M.N.Lopes daSilva - tropical(a)ve.net SureBase.com c/o Technical Web Edf Santiago de Leon, Piso 2, Ofic 21, Av-Casanova Caracas, 1010 VE Phone - 01127618432 Fax - Technical Contact - HostMaster DNS2Go - hostmaster(a)DNS2Go.com Deerfield Communications Inc. 4241 Old U.S. 27 South Gaylord, MI 49735 US Phone - (517) 732-8856 Fax - (517) 731-2642 Billing Contact - M.N.Lopes daSilva - tropical(a)ve.net SureBase.com c/o Technical Web Edf Santiago de Leon, Piso 2, Ofic 21, Av-Casanova Caracas, 1010 VE Phone - 01127618432 Fax - Record update date - 2004-05-27 09:50:52 Record create date - 2000-05-13 Record will expire on - 2005-05-13 Database last updated on - 2004-12-11 19:13:36 EST Domain servers in listed order: NS.TUCONDOMINIO.COM 66.227.4.217 NS2.TUCONDOMINIO.COM 66.227.4.218 I got a spam sent straight from their server NS.TUCONDOMINIO.COM 66.227.4.217 mentioning domains: joysongcreations.com surebase.com joysongcreations.com is relatively new and has no RBL, SBL or NANAS. surebase.com was registered in 2000, has no RBL or SBL but has 4000+ NANAS. This one is puzzling. Anyone have more info? Jeff C. -- "If it appears in hams, then don't list it."

2 2

Re: [SURBL-Discuss] RFC: consensus list?
by Frank Ellermann 11 Dec '04

11 Dec '04

Jeff Chan wrote: > Ask application writers like SpamAssassin and others > to check or modify their code to be able to handle bits > in the other octets, i.e. 127.0.1.X, 127.64.X.X, etc. > Should we let them know ahead of time that their code > should be able to handle these cases without breaking? In rxwhois 1.7.1 dedicated to one "Jeff Chan" <eg> I've added support for either 127.0.X.Y or 127.1.X.Y. The latter is for OPM and allows up to 16 bits. For the former I now display 127.0.0.0/31 as "utter dubious". 2.0.0.127.wadb.isipp.com = 127.0.0.1, I'll probably eliminate WADB, it's below my minimal standards for any well-behaved BL. We can discuss about more than 16 bits in 2006, is that okay ? > Comments? I'm not sure why OPM uses 127.1.0.Y instead of 127.0.0.Y. A simple explanation would be "avoid 127.0.0.0/31 like hell and allow up to 8 bits in Y". Another explanation could be "no 127.0.0.0/31, up to 16 bits in 127.1.X.Y, _and_ additionally a version number in the case of incompatible changes, starting with version 1 in 127.1.X.Y". Bye, Frank -- <http://purl.net/xyzzy/src/rxwhois.cmd> <http://purl.net/xyzzy/rxwhois.htm>

1 0

RE: [SURBL-Discuss] FP rate
by Chris Santerre 09 Dec '04

09 Dec '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Thursday, December 09, 2004 2:06 AM >To: SURBL Discuss >Subject: Re: [SURBL-Discuss] FP rate > > >On Wednesday, December 8, 2004, 8:51:04 PM, RD RD wrote: >> Hello List, > >> Is there an available % FP rate for SC and JP ? >> I thought I should ask to help me decide whether I should >keep dropping >> e-mails w/ blacklisted URIs. > >FP rates vary a lot depending on whose spam and ham corpra are >used, but here are some from SpamAssassin corpora against >older versions of the SURBL lists. Most of the SURBL lists >now have better FP rates due to cleanup we've been doing >along the way: > >OVERALL% SPAM% HAM% S/O RANK SCORE NAME >2424443 2357143 67300 0.972 0.00 0.00 (all messages) >100.000 97.2241 2.7759 0.972 0.00 0.00 (all messages as %) > 7.595 7.8122 0.0045 0.999 1.00 0.00 URIBL_SC_SURBL > 76.754 78.9448 0.0178 1.000 0.80 0.00 URIBL_OB_SURBL > 77.230 79.4340 0.0208 1.000 0.60 1.00 URIBL_PJ_SURBL > 0.985 1.0126 0.0045 0.996 0.50 0.00 URIBL_AB_SURBL > 82.119 84.4600 0.1367 0.998 0.40 0.00 URIBL_WS_SURBL > 0.021 0.0216 0.0045 0.829 0.00 0.00 URIBL_PH_SURBL I still can't believe SC is beating WS in FP rate!!! Bah!!!! Must reduce FP rate more!! Must perse thru thousands of domains.....mind going numb......... Ahhhh but look at the spam hit rates! Who's your daddy now?! :-) --Chris

4 4

SpamAssassin Discussion LIst
by Rob McEwen 09 Dec '04

09 Dec '04

Even thought I don't use SpamAssassin, from time to time, I desire to discuss and even contribute ideas related to developing or enhancing rules base filtering. Like SpamAssassin, the mail filter I use is capable of using Regular Expressions in a way that is similar to SpamAssassin. When I get the urge to post questions and suggestions, I keep thinking that the SURBL list is not the best targeted forum for this topic and I should probably join the SpamAssassin discussion group to discuss this topic. However, after searching, I now see that there is more than one list for SpamAssassin. Therefore, does anyone know **which** SpamAssassin list I should join (and where to subscribe) if I'm interested in rules development? Thanks, Rob McEwen

3 2

RE: [SURBL-Discuss] Feature Request: Whitelist_DNSRBL
by Rob McEwen (PowerView Systems) 09 Dec '04

09 Dec '04

Speaking of whitelisting, I'm using a caching dns server on my box which is based on BINDS. I currently use the following syntax in the names.config files to manually whitelist: zone "yahoo.com.multi.surbl.org" in { type master; }; This **works** and causes the DNS caching server to return a "not found" WITHOUT having to ever check external DNS servers to resolve this. Also, the return times are lightening fast (<4ms). However, I'm still getting some kind of weird system errors logged in my "Events" log related to this process. Basically, I think I goofed up the syntax or I am missing some information here. Does anyone here happen to be familar with BIND and have any suggestions as to the correct syntax? What **should** my example from above look like? Thanks, Rob McEwen

3 3

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss