Discuss

discuss@lists.surbl.org

1867 discussions

RE: [SURBL-Discuss] 419 for school???
by Chris Santerre 01 Oct '04

01 Oct '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Friday, October 01, 2004 12:20 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] 419 for school??? > > >On Friday, October 1, 2004, 9:11:29 AM, Chris Santerre wrote: >> I don't get his one at all!!! WTH??? > >> I'm CC'ing to SURBL because look at the MX for this domain! > >> uniprepacademy.com dns_mx: >> neti-outblaze-com.mr.outblaze.com >> neti-outblaze-com-bk.mr.outblaze.com > >> I know it didn't come form that domain, but the advertised >part of this >> email points to that domain. I'm guessing this is just an >email to try to >> harvest addresses from people who reply? > >Harvest or Joe Job are always possible. > > >You may want to forward to postmaster(a)outblaze.com > >They don't put up with crud and will smack hard any abusers. > >Worst case they send Chris "The Leg Breaker" Santerre after >them. ;-) > I just sent it to them. What can I say, 6 foot, 235+ pounds, in an all out sprint on the ice..... I'd be glad for any spammer to be on the ice with me ;) --Chris (Come on ref, I hardly elbowed him at all!)

1 0

Help - Domain Age
by David Hooton 01 Oct '04

01 Oct '04

Hi All, I am trying to determine the age of goracer.de can anyone help, standard whois shown nothing of use. -- Regards, David Hooton

4 4

stopping ds.surbl.org service
by Jeff Chan 01 Oct '04

01 Oct '04

ds.surbl.org was an experimental list which is no longer getting any hits. We were serving it on a few name servers as a separate test list. I'd like to shut it down. Does anyone have any comments about doing that? If in future the folks behind the data are able to make a slice of it that only has pure spammers, then perhaps we may use it, but they don't appear to be moving in that direction currently. Jeff C. -- "If it appears in hams, then don't list it."

3 5

RE: [SURBL-Discuss] Help classify quickinspirations.com
by Chris Santerre 01 Oct '04

01 Oct '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Thursday, September 30, 2004 12:54 AM >To: 'SURBL Discussion list' >Subject: Re: [SURBL-Discuss] Help classify quickinspirations.com > > >On Wednesday, September 29, 2004, 7:34:53 PM, Jeff Chan wrote: >> Most of these sites have open subscription forms, which invites >> abuse. If they have any kind of incentive programs for >> "affiliates" or anything like that, then that plus open >> subscriptions would *beg* for abuse. > >> That said, SBL does not list quickinspirations.com name servers >> or web site, etc. But NJABL does, and so do some others. > >OK I took a look at the NANAS hits, and all quickinspirations >mail seems to be sent from the same /27: > >64.37.73.212 64.37.73.221 64.37.73.218 64.37.73.214 >64.37.73.211 64.37.73.217 ... > >So if you block 64.37.73.192/27 or RBL it, ***you'll probably >never see any mail from quickinspirations ever again***. And anyone else who might be hosted on thos servers. :) > >Since these can be trivially blocked using regular RBLs or access >lists these probably aren't great SURBL candidates to begin with. > Trivial yes, but some people may prefer to use SURBL for this as it is 'safer' because it only blocks based on the domain. You yourself have said this about IPs. >The same cannot be said of spammers using zombies. Yes, but we are targeting spammers, not just spammers using zombies :) I'm wondering if we relist it, how long it would be until we heard someone complain. I'm only making this kind of a big deal because I think we will see this method grow. Hell what is to stop the spammer from getting his sister to complain to us that she signed up for this newsletter and it needs to be whitelisted? Something to consider is weighting the whitelist requests for domains that don't feel right like this one. One request for a domain like this may not cut the mustard. 3...OK. --Chris

3 3

RE: [SPAM-TAG] [SURBL-Discuss] Spammer threatening to suesingle4y ou.net
by Chris Santerre 01 Oct '04

01 Oct '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Sunday, September 26, 2004 11:50 PM >To: SURBL Discuss >Subject: Re: [SPAM-TAG] [SURBL-Discuss] Spammer threatening to >suesingle4you.net > > >On Sunday, September 26, 2004, 8:35:40 PM, Joe Wein wrote: >> "Jeff Chan" <jeffc(a)surbl.org> >>> But that's not the question. The question is: does the domain >>> have legitimate uses. If so we shouldn't list it. We should not >>> list domains that have legitimate uses, even if they do send >>> in some spam. > >> Hi Jeff, > >> the latest emails from Mr. Schiffer were much more friendly >in tone. He also >> admitted that he was only bluffing when he talked about >legal action, as he >> really does not have any money for that. > >> I have removed his listing and let him know about that. I >hope he learnt >> something from it. > >> I probably wouldn't have removed the domain without your >reminder. Looking >> at this case I realise how difficult it really is for >submitters *not* to >> list spammers who may have some legitimate uses. > >> Joe > >Thanks Joe. Hopefully he's learned his lesson. > What the hell?? I just read this whole thread! I would not have taken this guy off! No way in hell!!!!! Ray, add this yahoo to UC please! The domain is brand new, sends spam, and screams about getting listed! How the hell can he be legit! Did you guys read the NANAS listings that showed his wonderful emails? These are just the ones reported. He 'purchased' a list. So none of these were opt in. This is not the last we will hear of this guy. I think taking him off is a mistake. And IF he does it again, I'll report his a$$ to every RBL I can find, simply because you guys removed this idiot. --Chris (Jaded, fed up, and tired of the BS.)

7 13

RE: [SURBL-Discuss] FP: smithbarney.com
by Chris Santerre 01 Oct '04

01 Oct '04

>-----Original Message----- >From: Alex Broens [mailto:surbl@alexb.ch] >Sent: Thursday, September 30, 2004 3:35 PM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] FP: smithbarney.com > > >Rob McEwen wrote: >> FP: smithbarney.com >> >> (followup comments) >> >> I was trying to think... how did this one get on there? It >seems like it >> just barely missed the various institutional-based whitelists. >> >> I did a search of this on alexa.com and their site is ranked >just inside the >> top 20,000 web sites. >> >> SEE: >> http://www.alexa.com/data/details/?url=smithbarney.com >> >> Then I thought, wouldn't it be interesting to run the top >20,000 Alexa sites >> against SURBL... double-check whichever of these are >currently getting >> "caught" by SURBL. Remove any which should be removed, (I'm >sure at least a >> few would remain in SURBL??). Then whitelist all of the 20k >that haven't >> been specifically determined as needing to remain in SURBL. > >Guys...... >SURBL is used by the world, not only the US > >Alexa.com doesn't have the best of reputations on this side of >the pond. > >Their Privacy Policy is dubious: >-------------- >ALEXA'S TOOLBAR SERVICE COLLECTS AND STORES INFORMATION ABOUT THE WEB >PAGES YOU VIEW, THE DATA YOU ENTER IN ONLINE FORMS AND SEARCH FIELDS, >AND, WITH VERSIONS 5.0 AND HIGHER, THE PRODUCTS YOU PURCHASE ONLINE >WHILE USING THE TOOLBAR SERVICE. ALTHOUGH ALEXA DOES NOT ATTEMPT TO >ANALYZE WEB USAGE DATA TO DETERMINE THE IDENTITY OF ANY ALEXA >USER, SOME >INFORMATION COLLECTED BY THE TOOLBAR SERVICE IS PERSONALLY >IDENTIFIABLE. >ALEXA AGGREGATES AND ANALYZES THE INFORMATION IT COLLECTS TO >IMPROVE ITS >SERVICE AND TO PREPARE REPORTS ABOUT AGGREGATE WEB USAGE AND SHOPPING >HABITS. >--------------- >more @ http://pages.alexa.com/help/privacy.html > > >Pls don't force whitelisting more than necessary, or put these domains >in your site's whitelist but spare us whitelisting their associates as >much as possible > >Alex I agree. smithbarney should NEVER have been added! Whitelist them. Flogg the person that added them. --Chris (*brakes out the ridding crop*)

2 1

Most often "hit" SURBL domains
by Rob McEwen 01 Oct '04

01 Oct '04

RE: Most often "hit" SURBL domains >From time to time, ideas float around about how we can take some pressure off of the SURBL name servers. Recently, most commonly queried URIs that are NOT (and should not) be blocked were mentioned in the hopes that people would "whitelist" these locally so their mail servers would stop querying SURBL for stuff like microsoft.com, ebay.com, etc. I have a similar idea. Would it be possible to have a running list of the top 20 (or so... 50? 100?) most often queried URI's that are blocked by SURBL (and which should be blocked)? This way, we could take additional pressure off SURBL DNS servers by blacklisting these domains locally BEFORE doing SURBL checking on such messages? I have a feeling that this has already been requested and implemented?? Rob McEwen

7 14

Blogs still using SURBL?
by Chris Santerre 30 Sep '04

30 Sep '04

I remember there was some excitement that blogers had code to check links posted against SURBL. Is that still being used? I figured that would be bigger news. Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin

3 3

FW: SURBL+ Checker Submission
by Chris Santerre 30 Sep '04

30 Sep '04

Somone who understand spanish check this for me please :) >-----Original Message----- >From: SURBL+ Checker [mailto:surbl@rulesemporium.com] >Sent: Thursday, September 30, 2004 8:45 AM >To: csanterre(a)MerchantsOverseas.com >Subject: SURBL+ Checker Submission > > >Date: Thu Sep 30 07:44:54 2004 >Reporter IP: MUNGED > >Applicable List: URIBL:ws.surbl.org >Reported URI/IP: directal.com.ar >Rating: Black - 100% spam > >Email Source: >---------------------------------------- > >From elsmtpfunciona(a)yahoo.com.ar Thu Sep 30 08:58:24 2004 >Message-ID: <41408-220049524173729270(a)infobae.com> >From: computacion <elsmtpfunciona(a)yahoo.com.ar> >To: Enterese antes que salga <elsmtpfunciona(a)yahoo.com.ar> >Subject: Enterese antes que salga...Directal.(8) >Date: Fri, 24 Sep 2004 14:37:29 -0300 >MIME-Version: 1.0 >x-fib-al-from: elsmtpfunciona(a)yahoo.com.ar >x-fib-al-ps: AAA >x-fib-al-sa: ham, Al-SA-2.63 (punt=3.365, req 8, ALE_MENS_OFER >1.00,MIME_BASE64_LATIN 1.10, MIME_BASE64_TEXT >1.10,MIME_BOUND_NEXTPART 0.16) >x-fib-al: lmp >x-fib-al-mxid: 65f376f369eeeb6a2e105730a55415e1 >x-fib-al-info: Al >x-return-path: elsmtpfunciona(a)yahoo.com.ar >x-mdremoteip: 192.168.0.11 >x-spam-processed: microsoft.com, Fri, 24 Sep 2004 19:39:28 >+0200(not processed: message from trusted or authenticated source) >Content-Type: text/plain; > charset="iso-8859-1" >Content-Transfer-Encoding: quoted-printable >Status: RO > > <http://www.directal.com.ar/news/23_9_04/Directal.jpg> =09 > > >Los precios pueden variar sin previo aviso. El costo del env=EDo es a >cargo del cliente >Ofertas sujetas a stock. Precios en dolares estadounidenses con IVA >incluido >12 Meses de Garantia >Si desea suscribirse al envio de ofertas persione aqui ><mailto:suscribir@directal.com.ar?Subject=3Dsuscribir> .=20 >Si no desea recibir , por favor presione aqui ><mailto:remover@directal.com.ar?Subject=3DRemover> =20 > >(realmente damos de baja, no modifique subjet / asunto por que se >procesa autom=E1ticamente en 96hs. )=20 >Gracias y disculpe las molestias=20 > > <http://www.directal.com.ar/news/pieMEJOR2.jpg>=20 > >=20 > >=20 > > > >---------------------------------------- >

2 1

RE: [SURBL-Discuss] Most often "hit" SURBL domains
by Chris Santerre 30 Sep '04

30 Sep '04

>-----Original Message----- >From: Rob McEwen [mailto:rob@powerviewsystems.com] >Sent: Wednesday, September 29, 2004 7:42 PM >To: 'SURBL Discussion list' >Subject: [SURBL-Discuss] Most often "hit" SURBL domains > > >RE: Most often "hit" SURBL domains > >>From time to time, ideas float around about how we can take >some pressure >off of the SURBL name servers. Recently, most commonly queried >URIs that are >NOT (and should not) be blocked were mentioned in the hopes that people >would "whitelist" these locally so their mail servers would >stop querying >SURBL for stuff like microsoft.com, ebay.com, etc. > >I have a similar idea. Would it be possible to have a running >list of the >top 20 (or so... 50? 100?) most often queried URI's that are blocked by >SURBL (and which should be blocked)? This way, we could take additional >pressure off SURBL DNS servers by blacklisting these domains >locally BEFORE >doing SURBL checking on such messages? > >I have a feeling that this has already been requested and implemented?? > Could this be done in a host file? 0.0.0.0 aol.com.ws.surbl.org Would something like that work? --Chris

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss