Discuss

discuss@lists.surbl.org

1 participants
1864 discussions

RE: [SURBL-Discuss] Help classify quickinspirations.com
by Chris Santerre 01 Oct '04

01 Oct '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Thursday, September 30, 2004 12:54 AM >To: 'SURBL Discussion list' >Subject: Re: [SURBL-Discuss] Help classify quickinspirations.com > > >On Wednesday, September 29, 2004, 7:34:53 PM, Jeff Chan wrote: >> Most of these sites have open subscription forms, which invites >> abuse. If they have any kind of incentive programs for >> "affiliates" or anything like that, then that plus open >> subscriptions would *beg* for abuse. > >> That said, SBL does not list quickinspirations.com name servers >> or web site, etc. But NJABL does, and so do some others. > >OK I took a look at the NANAS hits, and all quickinspirations >mail seems to be sent from the same /27: > >64.37.73.212 64.37.73.221 64.37.73.218 64.37.73.214 >64.37.73.211 64.37.73.217 ... > >So if you block 64.37.73.192/27 or RBL it, ***you'll probably >never see any mail from quickinspirations ever again***. And anyone else who might be hosted on thos servers. :) > >Since these can be trivially blocked using regular RBLs or access >lists these probably aren't great SURBL candidates to begin with. > Trivial yes, but some people may prefer to use SURBL for this as it is 'safer' because it only blocks based on the domain. You yourself have said this about IPs. >The same cannot be said of spammers using zombies. Yes, but we are targeting spammers, not just spammers using zombies :) I'm wondering if we relist it, how long it would be until we heard someone complain. I'm only making this kind of a big deal because I think we will see this method grow. Hell what is to stop the spammer from getting his sister to complain to us that she signed up for this newsletter and it needs to be whitelisted? Something to consider is weighting the whitelist requests for domains that don't feel right like this one. One request for a domain like this may not cut the mustard. 3...OK. --Chris

3 3

RE: [SPAM-TAG] [SURBL-Discuss] Spammer threatening to suesingle4y ou.net
by Chris Santerre 01 Oct '04

01 Oct '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Sunday, September 26, 2004 11:50 PM >To: SURBL Discuss >Subject: Re: [SPAM-TAG] [SURBL-Discuss] Spammer threatening to >suesingle4you.net > > >On Sunday, September 26, 2004, 8:35:40 PM, Joe Wein wrote: >> "Jeff Chan" <jeffc(a)surbl.org> >>> But that's not the question. The question is: does the domain >>> have legitimate uses. If so we shouldn't list it. We should not >>> list domains that have legitimate uses, even if they do send >>> in some spam. > >> Hi Jeff, > >> the latest emails from Mr. Schiffer were much more friendly >in tone. He also >> admitted that he was only bluffing when he talked about >legal action, as he >> really does not have any money for that. > >> I have removed his listing and let him know about that. I >hope he learnt >> something from it. > >> I probably wouldn't have removed the domain without your >reminder. Looking >> at this case I realise how difficult it really is for >submitters *not* to >> list spammers who may have some legitimate uses. > >> Joe > >Thanks Joe. Hopefully he's learned his lesson. > What the hell?? I just read this whole thread! I would not have taken this guy off! No way in hell!!!!! Ray, add this yahoo to UC please! The domain is brand new, sends spam, and screams about getting listed! How the hell can he be legit! Did you guys read the NANAS listings that showed his wonderful emails? These are just the ones reported. He 'purchased' a list. So none of these were opt in. This is not the last we will hear of this guy. I think taking him off is a mistake. And IF he does it again, I'll report his a$$ to every RBL I can find, simply because you guys removed this idiot. --Chris (Jaded, fed up, and tired of the BS.)

7 13

RE: [SURBL-Discuss] FP: smithbarney.com
by Chris Santerre 01 Oct '04

01 Oct '04

>-----Original Message----- >From: Alex Broens [mailto:surbl@alexb.ch] >Sent: Thursday, September 30, 2004 3:35 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] FP: smithbarney.com > > >Rob McEwen wrote: >> FP: smithbarney.com >> >> (followup comments) >> >> I was trying to think... how did this one get on there? It >seems like it >> just barely missed the various institutional-based whitelists. >> >> I did a search of this on alexa.com and their site is ranked >just inside the >> top 20,000 web sites. >> >> SEE: >> http://www.alexa.com/data/details/?url=smithbarney.com >> >> Then I thought, wouldn't it be interesting to run the top >20,000 Alexa sites >> against SURBL... double-check whichever of these are >currently getting >> "caught" by SURBL. Remove any which should be removed, (I'm >sure at least a >> few would remain in SURBL??). Then whitelist all of the 20k >that haven't >> been specifically determined as needing to remain in SURBL. > >Guys...... >SURBL is used by the world, not only the US > >Alexa.com doesn't have the best of reputations on this side of >the pond. > >Their Privacy Policy is dubious: >-------------- >ALEXA'S TOOLBAR SERVICE COLLECTS AND STORES INFORMATION ABOUT THE WEB >PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS, >AND, WITH VERSIONS 5.0 AND HIGHER, THE PRODUCTS YOU PURCHASE ONLINE >WHILE USING THE TOOLBAR SERVICE. ALTHOUGH ALEXA DOES NOT ATTEMPT TO >ANALYZE WEB USAGE DATA TO DETERMINE THE IDENTITY OF ANY ALEXA >USER, SOME >INFORMATION COLLECTED BY THE TOOLBAR SERVICE IS PERSONALLY >IDENTIFIABLE. >ALEXA AGGREGATES AND ANALYZES THE INFORMATION IT COLLECTS TO >IMPROVE ITS >SERVICE AND TO PREPARE REPORTS ABOUT AGGREGATE WEB USAGE AND SHOPPING >HABITS. >--------------- >more @ http://pages.alexa.com/help/privacy.html > > >Pls don't force whitelisting more than necessary, or put these domains >in your site's whitelist but spare us whitelisting their associates as >much as possible > >Alex I agree. smithbarney should NEVER have been added! Whitelist them. Flogg the person that added them. --Chris (*brakes out the ridding crop*)

2 1

Most often "hit" SURBL domains
by Rob McEwen 01 Oct '04

01 Oct '04

RE: Most often "hit" SURBL domains >From time to time, ideas float around about how we can take some pressure off of the SURBL name servers. Recently, most commonly queried URIs that are NOT (and should not) be blocked were mentioned in the hopes that people would "whitelist" these locally so their mail servers would stop querying SURBL for stuff like microsoft.com, ebay.com, etc. I have a similar idea. Would it be possible to have a running list of the top 20 (or so... 50? 100?) most often queried URI's that are blocked by SURBL (and which should be blocked)? This way, we could take additional pressure off SURBL DNS servers by blacklisting these domains locally BEFORE doing SURBL checking on such messages? I have a feeling that this has already been requested and implemented?? Rob McEwen

7 14

Blogs still using SURBL?
by Chris Santerre 30 Sep '04

30 Sep '04

I remember there was some excitement that blogers had code to check links posted against SURBL. Is that still being used? I figured that would be bigger news. Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin

3 3

FW: SURBL+ Checker Submission
by Chris Santerre 30 Sep '04

30 Sep '04

Somone who understand spanish check this for me please :) >-----Original Message----- >From: SURBL+ Checker [mailto:surbl@rulesemporium.com] >Sent: Thursday, September 30, 2004 8:45 AM >To: csanterre(a)MerchantsOverseas.com >Subject: SURBL+ Checker Submission > > >Date: Thu Sep 30 07:44:54 2004 >Reporter IP: MUNGED > >Applicable List: URIBL:ws.surbl.org >Reported URI/IP: directal.com.ar >Rating: Black - 100% spam > >Email Source: >---------------------------------------- > >From elsmtpfunciona(a)yahoo.com.ar Thu Sep 30 08:58:24 2004 >Message-ID: <41408-220049524173729270(a)infobae.com> >From: computacion <elsmtpfunciona(a)yahoo.com.ar> >To: Enterese antes que salga <elsmtpfunciona(a)yahoo.com.ar> >Subject: Enterese antes que salga...Directal.(8) >Date: Fri, 24 Sep 2004 14:37:29 -0300 >MIME-Version: 1.0 >x-fib-al-from: elsmtpfunciona(a)yahoo.com.ar >x-fib-al-ps: AAA >x-fib-al-sa: ham, Al-SA-2.63 (punt=3.365, req 8, ALE_MENS_OFER >1.00,MIME_BASE64_LATIN 1.10, MIME_BASE64_TEXT >1.10,MIME_BOUND_NEXTPART 0.16) >x-fib-al: lmp >x-fib-al-mxid: 65f376f369eeeb6a2e105730a55415e1 >x-fib-al-info: Al >x-return-path: elsmtpfunciona(a)yahoo.com.ar >x-mdremoteip: 192.168.0.11 >x-spam-processed: microsoft.com, Fri, 24 Sep 2004 19:39:28 >+0200(not processed: message from trusted or authenticated source) >Content-Type: text/plain; > charset="iso-8859-1" >Content-Transfer-Encoding: quoted-printable >Status: RO > > <http://www.directal.com.ar/news/23_9_04/Directal.jpg> =09 > > >Los precios pueden variar sin previo aviso. El costo del env=EDo es a >cargo del cliente >Ofertas sujetas a stock. Precios en dolares estadounidenses con IVA >incluido >12 Meses de Garantia >Si desea suscribirse al envio de ofertas persione aqui ><mailto:suscribir@directal.com.ar?Subject=3Dsuscribir> .=20 >Si no desea recibir , por favor presione aqui ><mailto:remover@directal.com.ar?Subject=3DRemover> =20 > >(realmente damos de baja, no modifique subjet / asunto por que se >procesa autom=E1ticamente en 96hs. )=20 >Gracias y disculpe las molestias=20 > > <http://www.directal.com.ar/news/pieMEJOR2.jpg>=20 > >=20 > >=20 > > > >---------------------------------------- >

2 1

RE: [SURBL-Discuss] Most often "hit" SURBL domains
by Chris Santerre 30 Sep '04

30 Sep '04

>-----Original Message----- >From: Rob McEwen [mailto:rob@powerviewsystems.com] >Sent: Wednesday, September 29, 2004 7:42 PM >To: 'SURBL Discussion list' >Subject: [SURBL-Discuss] Most often "hit" SURBL domains > > >RE: Most often "hit" SURBL domains > >>From time to time, ideas float around about how we can take >some pressure >off of the SURBL name servers. Recently, most commonly queried >URIs that are >NOT (and should not) be blocked were mentioned in the hopes that people >would "whitelist" these locally so their mail servers would >stop querying >SURBL for stuff like microsoft.com, ebay.com, etc. > >I have a similar idea. Would it be possible to have a running >list of the >top 20 (or so... 50? 100?) most often queried URI's that are blocked by >SURBL (and which should be blocked)? This way, we could take additional >pressure off SURBL DNS servers by blacklisting these domains >locally BEFORE >doing SURBL checking on such messages? > >I have a feeling that this has already been requested and implemented?? > Could this be done in a host file? 0.0.0.0 aol.com.ws.surbl.org Would something like that work? --Chris

1 0

RE: [SURBL-Discuss] Fwd: quickinspirations.com
by Chris Santerre 30 Sep '04

30 Sep '04

>-----Original Message----- >From: David Hooton [mailto:david.hooton@gmail.com] >Sent: Thursday, September 30, 2004 9:23 AM >To: Jeff Chan; SURBL Discussion list >Subject: Re: [SURBL-Discuss] Fwd: quickinspirations.com > > >On Wed, 29 Sep 2004 16:54:22 -0700, Jeff Chan <jeffc(a)surbl.org> wrote: >> This was the original report send to the whitelist(a)surbl.org >> address. Note that it included no examples, no explanation, no >> reasons, etc. >> >> That's why it's nice include some of those, eh? >> >> Jeff C. >> __ >> >> This is a forwarded message >> From: Bitz <bitoy(a)lawin.pinoy.org> >> To: whitelist(a)surbl.org >> Date: Friday, July 30, 2004, 5:17:43 PM >> Subject: quickinspirations.com >> >> ===8<==============Original message text=============== >> quickinspirations.com >> >> ===8<===========End of original message text=========== > >Perhaps people who request domains to be delisted but provide no >evidence should just be permanently lists? :p > LOL. Should we at least rethink this kind of domain? Some people are going to scream "Legit!" because they don't know they were fooled. I'm not asking for this domain to be changed right now. I'm asking more for people to start thinking about these kind of legit looking signup spams. Keep the seed in the back of your mind, as we may see more of this. --Chris

1 0

Fwd: quickinspirations.com
by Jeff Chan 30 Sep '04

30 Sep '04

This was the original report send to the whitelist(a)surbl.org address. Note that it included no examples, no explanation, no reasons, etc. That's why it's nice include some of those, eh? Jeff C. __ This is a forwarded message From: Bitz <bitoy(a)lawin.pinoy.org> To: whitelist(a)surbl.org Date: Friday, July 30, 2004, 5:17:43 PM Subject: quickinspirations.com ===8<==============Original message text=============== quickinspirations.com ===8<===========End of original message text=========== -- Jeff Chan mailto:whitelist@surbl.org http://www.surbl.org/

2 1

RE: [SURBL-Discuss] Help classify quickinspirations.com
by Patrik Nilsson 30 Sep '04

30 Sep '04

At 16:14 2004-09-29 -0400, Chris Santerre wrote: >Did you just create a new term? > >"Fisuf Spam" :-) >Works for me! I think I had a "discussion" about this domain with Jeff >before. Which is why I rang a bell. I think this may be one of the ones that >started the whole UC debate. > >Hmmm.... could more Fisuf Spam be around the corner? In my opinion - apparently (according to some definitions) legitimate emails that people have actually signed up for, that are obviously *only* sent out by known spammers to people tricked into entering their adress, or someone elses on a web site, that have *no* real purpose except to send spam - should be classified as spam, *not ham*. Even if people have signed up for the spam. Patrik

3 5

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss