Good afternoon, administrator,
Thanks for providing the littleurl service - the links you provide
are a lot easier to type.
I'd like to offer one free resource to you in trying to keep your
system from being abused by spammers. I maintain a blacklist of spam
domains at http://www.stearns.org/sa-blacklist/ ; the specific file you'll
probably want is
http://www.stearns.org/sa-blacklist/sa-blacklist.current.domains . This
is a list of ~22,700 spammer domains. Would you consider checking the
domains people submit for littleurl against that list as part of the
littleurl creation process, and if found, perhaps not provide a littleurl
for it?
If you'd rather not check against a file that large or you want to
do this over dns, you can also place a lookup for that domain against
submitted.domain.ws.surbl.org
- if you get back an "A" record for it, it's in the above list.
More details at http://www.surbl.org .
Please let us know if you have any questions or concerns.
Cheers,
- Bill
---------------------------------------------------------------------------
"Silly hacker, root is for administrators."
-- Unknown
(Courtesy of Fabrice MARIE <fabrice(a)celestix.com>)
--------------------------------------------------------------------------
William Stearns (wstearns(a)pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
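The check Bill describes above (local list first, then a DNS lookup of the submitted domain under ws.surbl.org), sketched as an added example; it is not part of the original message and is not littleurl's or SURBL's code. The function names, the one-domain-per-line file format and the `.test` domains used to exercise it are assumptions, and raising on lookup errors other than "name not found" is a choice made here.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

def candidate_domains(url):
    """Hostname of a submitted URL plus each parent domain, down to two labels."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = host.rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return []            # IP literal: the message only covers domain lookups
    except ValueError:
        pass
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def load_blocklist(lines):
    """Assumed file format: one domain per line; blanks and '#' lines skipped."""
    return {ln.strip().lower() for ln in lines
            if ln.strip() and not ln.lstrip().startswith("#")}

def dns_listed(domain, zone="ws.surbl.org", resolve=socket.gethostbyname):
    """True if <domain>.<zone> returns an A record, False if the name does not exist."""
    try:
        resolve(f"{domain}.{zone}")
        return True
    except socket.gaierror as err:
        not_found = {socket.EAI_NONAME, getattr(socket, "EAI_NODATA", None)}
        if err.errno in not_found:
            return False
        raise  # timeout or server failure: do not silently treat as "clean"

def should_refuse(url, blocklist=frozenset(), zone="ws.surbl.org",
                  resolve=socket.gethostbyname):
    """Return the listed domain that blocks this URL, or None to allow it."""
    for domain in candidate_domains(url):
        if domain in blocklist or dns_listed(domain, zone, resolve):
            return domain
    return None
```

A service calling `should_refuse` has to decide what to do when the lookup raises, since refusing or allowing on resolver failure is a policy choice the message does not address.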
This is off topic, but I figured most of us get hit with this stuff.
I am in need of a bit of help.
I got a whole bunch of open relays doing rumpelstiltskin(sic) attacks on
both my main mailserver and my secondary MX server... hitting the
secondary and making it throttle the main one.
Anyway is there a way to use some of these RBLs to basically deny these
open relays to be able to even attempt these attacks?
I'm running Sendmail 8.12.11 on Linux... both these boxen run RH 6.2
and are really locked down against other attacks.
I used to just drop routes to these idiots but never a good solution
IMNSHO 8*)
I looked through the sendmail FAQs and didn't find anything that was
helpful.
Any idea would be more than welcome.
--
-Doc
---
MomNDoc Online Consultants
http://www.maddoc.net/
momndoc(a)maddoc.net
Why are you reading here? Content inline below.....go ahead...go read.....
>-----Original Message-----
>From: David Hooton [mailto:djh-lists@platformhosting.com]
>Sent: Thursday, June 24, 2004 5:11 PM
>To: 'SURBL Discussion list'
>Subject: RE: [SURBL-Discuss] A question on policy
>
>
>> -----Original Message-----
>> From: discuss-bounces(a)lists.surbl.org [mailto:discuss-bounces(a)lists.surbl.org] On Behalf Of Jeff Chan
>> Sent: Friday, 25 June 2004 6:56 AM
>> To: SURBL Discuss
>> Subject: Re: [SURBL-Discuss] A question on policy
>>
>> Apparently uptilt.com does appear in message bodies since I see
>> it appearing once on SpamCop's spamvertised sites. Chris adding
>> it to ws.surbl.org could be ok.
>
>FWIW - we have had uptilt.com listed in our internal lists for quite a
>while.
>
Sure...tell us now ;)
>Jeff's policy is pretty much identical to ours - we don't generally block
>first time offenders (read: Anthony Robbins) who are known to generally be
>reasonable quality content providers.
Yeah I try to do the same. This particular thread had me questioning because
the person called the Robbins organisation and it seemed they were not
going to do anything about it. So we will see.
>
>We do however block on site any "Marketing Partners" who have decided to
>"Market" to our customers who have not subscribed to the list - in this case
>uptilt.com
>
Being a marketing partner is a death sentence around here as well :)
--Chris
>-----Original Message-----
>From: Dave Navarro [mailto:dave@basicguru.com]
>Sent: Thursday, June 24, 2004 11:50 PM
>To: discuss(a)lists.surbl.org
>Subject: [SURBL-Discuss] Hello
>
>
>Hi,
>
>I originally found the SURBL site through CPU magazine. I've done some
>testing with it and I find that the number of domains listed is pretty
>sparse. Is this project still active?
>
>--Dave
>
Oh yeah, we are picking up steam every day. This started with just 3-4 guys,
and had no really great way to submit. We got the basics worked out now, and
a few more submitters and lots of sources of domains. So actually we are
jamming. And we make sure quality comes first over quantity. We HATE false
positives here. They make me break out in hives ;)
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
Yusuf and Suresh of Outblaze have provided a different version of
the Outblaze data which excludes some sender domains which are
not really relevant to SURBL use. I've put the revised list up
as:
ob2.surbl.org
Please beta test it against ob.surbl.org
Please also test ab.surbl.org which are the top 425 or so
spamvertised sites from abusebutler.com.
So please beta test:
ob.surbl.org
ob2.surbl.org
ab.surbl.org
and let us know the results here. ob2 and ab are only
on my name server right now, so please don't test on any
really large volume mail servers. Hand-checked corpus
testing would be ideal, and we're particularly interested
in false positives and spam detection percentages.
Thanks,
Jeff C.
Hi,
I originally found the SURBL site through CPU magazine. I've done some
testing with it and I find that the number of domains listed is pretty
sparse. Is this project still active?
--Dave
One thing I notice is that the IP addresses of blacklisted domains are not
always listed in the BL as well.
For example, when I look up:
ghcclccc.biz.multi.surbl.org
It's listed. However, when I look up:
72.2.139.221.multi.surbl.org
it's not listed.
Might I suggest that all domains listed in the BL also include
corresponding IP addresses?
--Dave
I was doing some browsing of NANAE and came across something interesting.
http://tinyurl.com/2xkyw
But the thread basically says that uptilt.com (a known spam sender) was
hired by tonyrobbins.com to advertise. So they sent out spam. Now my
question is, do we list them?
Do we list somewhat legit domains that hire these people without (or maybe
with) the knowledge that they will spam? I'm leaning towards yes, in the
hopes they will learn to choose their advertisers more carefully.
Thoughts?
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
The thread I had found this in didn't contain the full body. However I
searched and found a copy and sure enough, there is an uptilt.com link. It's
on its way to SURBL now :)
As always J, Thanks!
--Chris
>-----Original Message-----
>From: jm(a)jmason.org [mailto:jm@jmason.org]
>Sent: Thursday, June 24, 2004 4:16 PM
>To: Jeff Chan; SURBL Discussion list
>Subject: Re: [SURBL-Discuss] A question on policy
>
>
>In terms of the message, does uptilt.com have any links in it? often
>in this situation they'd have added an "unsubscribe" link of their
>own which SURBL would then catch.
>
>- --j.
>
>Jeff Chan writes:
>> On Thursday, June 24, 2004, 9:16:51 AM, Chris Santerre wrote:
>> > But the thread basically says that uptilt.com (a known spam sender) was
>> > hired by tonyrobbins.com to advertise. So they sent out spam. Now my
>> > question is, do we list them?
>>
>> > Do we list somewhat legit domains that hire these people without (or maybe
>> > with) the knowledge that they will spam? I'm leaning towards yes, in the
>> > hopes they will learn to choose their advertisers more carefully.
>> > Thoughts?
>>
>> The answer I would prefer is to *not* list a mostly legitimate
>> domain like tonyrobbins.com, but to let conventional RBLs list
>> uptilt.com and their IPs as a spam sender. In other words,
>> let spamhaus list uptilt's addresses and block on them, but
>> don't list tonyrobbins.com in SURBLs since it could potentially
>> be mentioned in legitimate messages. Of course it would not hurt
>> to let the possibly legitimate company's lawyers know they should
>> not use spammers, and cite the law being broken.
>>
>> This one seems like a relatively clear division of responsibility
>> to me. Others may be more or less clear.
>>
>> Jeff C.
>>
>> _______________________________________________
>> Discuss mailing list
>> Discuss(a)lists.surbl.org
>> http://lists.surbl.org/mailman/listinfo/discuss
Correct it is legit.
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Monday, June 21, 2004 7:49 PM
>To: SURBL Discuss
>Subject: Re: [SURBL-Discuss] redirect site....sort of
>
>
>On Friday, June 18, 2004, 11:30:16 AM, Chris Santerre wrote:
>> place.cc
>
>> looks like spammers are using this site.
>
>It is otherwise legitimate? If so, we should whitelist
>and let the redirection resolution techniques catch the
>actual spam sites.
>
>Jeff C.
>