Discuss

discuss@lists.surbl.org

2 participants
1870 discussions

RE: [SURBL-Discuss] Auto adding detected "static 'front page' sites".
by Ryan Thompson 23 Aug '04

23 Aug '04

Christiaan den Besten wrote to 'Ryan Thompson': >> Mail::SpamAssassin::PerMsgStatus::get_uri_list($status), but there >> were a few other incantations that I did to get the list of URIs >> down. I have been meaning to publish the script, but things keep >> getting in the way. I will do that tomorrow (today). Stay tuned! > > Check, I see its 03:xx over there ;) Just woke up here :) It's released. http://ry.ca/geturi/ > I have just looked at Justin's hints for a SA plugin, that seems very doable > as well. I was just wondering if I could re-use the SA surbl-plugin while I > am at it. For I am only interested in uri's not yet in WS. > > For my idea, what you do now: > - strip uri's from messages Yes. I also attempt to eliminate those with empty anchors. > - for each (new) uri generate a NASAS query NANAS query URLs (to Google Groups) are pre-built, but not automatically queried, because that would violate Google TOS. (See the TODO section in the documentation). > - build a 'matrix' between uri's and messages they are referenced in. More or less, a two-way hash. > - score uri's for spamability :) Yep. Technically, they're just scored for relevance in the message. It's up to the person building the corpus to decide whether they're spammy or not. :-) - Ryan -- Ryan Thompson <ryan(a)sasknow.com> SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4 Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon Toll-Free: 877-727-5669 (877-SASKNOW) North America

1 0

RE: [SURBL-Discuss] openrbl.org domain gone?
by Chris Santerre 23 Aug '04

23 Aug '04

Back up now. I believe they changed domain registrars. >-----Original Message----- >From: Mailing List [mailto:ml@netgroupes.ca] >Sent: Sunday, August 22, 2004 10:55 AM >To: surbl(a)alexb.ch; SURBL Discussion list >Subject: RE: [SURBL-Discuss] openrbl.org domain gone? > > >>Can any of you reach http://openrbl.org ????? >Also dead from Canada > > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss >

1 0

RE: [SURBL-Discuss] Fwd: fps
by Chris Santerre 23 Aug '04

23 Aug '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Sunday, August 22, 2004 3:13 AM >To: SURBL Discuss >Subject: Re: [SURBL-Discuss] Fwd: fps > > >On Saturday, August 21, 2004, 11:08:06 PM, Doc Schneider wrote: >>> On Saturday, August 21, 2004, 9:59:06 PM, Doc Schneider wrote: > >>>>I have run RT (Request Tracker) in fact still have it >installed on one >>>>of my servers. > >>>>Where would we like it to run at? I could re-set it up >(need to upgrade >>>>it here) and add you all to it. > >> I'm upgrading my old version as I type. Will let you all >know where to >> get to it. Maybe we could add a pointer to something like >> something.surbl.org and point it to my rt site? I'll leave >it to you all >> to figure out the something.surbl.org 8*)) > >> Once I have this upgraded I'll add Jeff and Bill to it for >now. Then add >> whoever else needs admin access. > >Sounds good. Whatever name folks think would be good is fine; >maybe something short like track.surbl.org? > >Jeff C. > Track sounds good. But how will we be notified if something is added? --Chris

1 0

FPs in WS
by Joseph Burford 23 Aug '04

23 Aug '04

Two more FPs in WS. ientryMUNGEDmail.com The domain is used for mailing list management by the ientry network, we have several confirmed legit subscribers to their WebProNews, newsletter. siteproMUNGEDnews.com Once again several confirmed subscribers, mainly web designers or people who have used their submission services. Bayes training fixes any problems at my end, or I could locally whitelist, however they shouldn't be listed in WS :-) Both have valid unsubscribe options. Interesting reading comments about FPs over the last week. I think because of the global ramifications of these lists we need to make sure that spam is definately spam and borderline is excluded from listings. Otherwise the lists just become personal preferences of what we want to see in our mailboxes!! Regards, Joseph

5 10

RE: [SURBL-Discuss] openrbl.org domain gone?
by Mailing List 22 Aug '04

22 Aug '04

>Can any of you reach http://openrbl.org ????? Also dead from Canada

1 0

openrbl.org domain gone?
by Alex Broens 21 Aug '04

21 Aug '04

Guys, Can any of you reach http://openrbl.org ????? >From my side of the pond: domain doesn't exist... Thanks Alex

1 0

more possible FPs (2 OB, 4 WS and 2 DS)
by John Lundin 21 Aug '04

21 Aug '04

Eight possible FPs. These were taken from items reported as non-spam. The "nanas" number is raw matches on the domain from google groups. Use your own judgement... OB: www.mercenariesthegameMUNGED.com (nanas 0) mentioned in a lucasarts review OB: www.jmiequityMUNGED.com (nanas 0) mentioned in a Dow Jones newsletter The original wasn't caught by OB, but it shows up now. WS: Wireless.VentureReporterMUNGED.net (nanas 9) A stock newsletter. I checked back: it really had been subscribed to. WS: nmailerMUNGED.com (nanas 36) Design center newsletter. http://ellington.nmailerMUNGED.com/mailman/listinfo/dtgnews WS: www.imakenewsMUNGED.com (nanas 42) organization newsletter. http://www.imakenewsMUNGED.com/cabf/ (+ cleaned user tracking) imakenews makes me nervous... intrusive html. WS: ntcrMUNGED.us (nanas 43, some similar) Jupitermedia Web Events. (origin of mailing list -- appearance in unsubscribe disclaimer) (Site won't display for me, insufficiently motivated to find out why it said "Your Web browser must have cookies enabled" regardless.) And if anyone cares: DS: surveyhelp.harrispollonlineMUNGED.com (nanas 19) http://www.harrispollonlineMUNGED.com/sweeps.asp (sigh) yes, they subscribed to it. DS: www.winxpnewsMUNGED.com (nanas 42) http://www.winxpnewsMUNGED.com/issues.cfm Single reference in a tech newsletter... (I test for DS with a nominal score, so it doesn't bother me.) -- lundin(a)cavtel.net "By the time they had diminished from 50 to 8, the other dwarves began to suspect 'Hungry' ..."

1 0

RE: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** [lcngroup ](Job) Civil ProjectEngineer - Pleasanton, N. CA
by Chris Santerre 20 Aug '04

20 Aug '04

>-----Original Message----- >From: jm(a)jmason.org [mailto:jm@jmason.org] >Sent: Friday, August 20, 2004 5:00 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** >[lcngroup](Job) Civil ProjectEngineer - Pleasanton, N. CA > > >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > >Larry Rosenman writes: >> >>>> Why is cgt-consult.com on WS? >... >> I talked to the admin, and they had been hacked, and used as >a spam source. >> They've cleaned up the mess, and have secured the machine. > >?? hacked? I wouldn't be so sure. > >Based on the spam I got, it looks a lot more like they >scraped, or bought >a dirty list of scraped addresses. > >Here's one of my spamples, in full -- I've munged the address, >but believe >me, it's 100% spamtrap, appears only on web pages, and has >never opted in >for anything ever. ;) > >- --j. > *snip* Which is an exact copy of the ones reported on NANAS. Again I ask, hacked? A hacker broke in and sent spams promoting the site he just hacked? How nice of him. --Chris

2 1

RE: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** [lcngroup ](Job) Civil ProjectEngineer - Pleasanton, N. CA
by Chris Santerre 20 Aug '04

20 Aug '04

>-----Original Message----- >From: Larry Rosenman [mailto:ler@lerctr.org] >Sent: Friday, August 20, 2004 4:47 PM >To: 'SURBL Discussion list' >Subject: RE: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** >[lcngroup](Job) Civil ProjectEngineer - Pleasanton, N. CA > > >Larry Rosenman wrote: >> Justin Mason wrote: >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> Chris Santerre writes: >>>>> Why is cgt-consult.com on WS? >>>>> They are legit, and this is from a job posting list that is >>>>> MODERATED. >> >>> >>> A confirmed DSBL listing is a *big* deal BTW. I can also confirm >>> that I've received several spams from them. >> >> >> I've reported the post to the moderator, as well as the origin, to >> let them know. >> >> I generally trust this list, but with your input, I'll shut up now. >> >> LER > >I talked to the admin, and they had been hacked, and used as a >spam source. > >They've cleaned up the mess, and have secured the machine. > >Please consider white-listing them. They've submitted a >de-list request to >dsbl. > >LER Some blacklists show they have been an open relay since 2002. I'll go thru my traps, but the one I got was not that recent. This has been a problem from that IP for a long time. Stats on spamcop show report for 360+ days. They are just now finding out they were sending this. Hacked? I'm confused by that. Hacked would use the system to promote some other product. Hackers don't normaly send out spam to promote the website they hacked! "Oh we are sorry. A hacker got in and was sending spam promoting our company. We stopped him." Is that how the conversation went? I say no. Make that a NO! I think you got handed a bucketfull of listwash. --Chris

1 0

RE: [SURBL-Discuss] {Spam?} FW: ***SPAM*** (6.0/5.0) ** [lcngroup ] (Job) Civil ProjectEngineer - Pleasanton, N. CA
by Chris Santerre 20 Aug '04

20 Aug '04

> >Why is cgt-consult.com on WS? > >They are legit, and this is from a job posting list that is MODERATED. > OK serious now Larry, I'm starting to doubt what you call legit! Did you even try looking at this? Spamcop has their IP listed. There are posts all over NANAS about these guys! Hell I think I even got one of these spams directly to me! A few of your reports of False Positves have raised my eyebrows, but this one sent me over! NJABL: Not Just Another Bogus List 187.10.200.63.dnsbl.njabl.org -> 127.0.0.4 spam source -- 1019963653 NETHER-RELAYS: nether.net Confirmed Open Relays 187.10.200.63.relays.nether.net -> 127.0.0.2 SPAMCOP: SpamCop Blocking List 187.10.200.63.bl.spamcop.net -> 127.0.0.2 Blocked - see http://www.spamcop.net/bl.shtml?63.200.10.187 DSBL: Distributed Server Boycott List 187.10.200.63.list.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?ip=63.200.10.187 DSBL-UNCONFIRMED: Distributed Server Boycott List 187.10.200.63.unconfirmed.dsbl.org -> 127.0.0.2 http://dsbl.org/listing?ip=63.200.10.187 Please tell me the steps you take to determine something is "legit" and worth reporting to us? --Chris

4 6

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss