On Saturday, July 12, 2008, 7:00:29 PM, Joseph Brennan wrote:
> --On Saturday, July 12, 2008 1:41 AM -0700 Jeff Chan <jeffc(a)surbl.org>
> wrote:
>> We can probably significantly reduce the false positives on
>> ob.surbl.org, the SURBL list based on Outblaze's URI blacklist:
>>
>> http://www.surbl.org/lists.html#ob
>>
>> at the cost of some possibly minor false negatives.
[...]
>> Should we make that change?
> This agrees with our experience using SURBL for a few years. We've
> seen the occasional fp with the ob listings, and none I am aware of
> with the rest of SURBL.
> What's the change?
Thanks much for the feedback Daryl and Joseph! I think we
probably can't reveal the exact listing criteria in case they're
useful for the bad guys. I know it's somewhat inappropriate to
ask for comments without revealing details. I suppose I'm asking
for general responses then. :)
Jeff C.
We can probably significantly reduce the false positives on
ob.surbl.org, the SURBL list based on Outblaze's URI blacklist:
http://www.surbl.org/lists.html#ob
at the cost of some possibly minor false negatives.
SpamAssassin has live (weekly?) statistics about the performance
of their rules, including all SURBL lists, against their ham and
spam corpora at their Rule QA site:
http://ruleqa.spamassassin.org/
As you can see OB ranks significantly below the other SURBL
lists, with much higher FP rates around 0.1% compared to 0.01% to
0.025% or so. (Note that the Rule QA site seems to have occasional
glitches, so if the numbers seem out of range one week, check
again later.)
Should we make that change?
Jeff C.
On Wednesday, June 25, 2008, 5:37:30 AM, Ben Spencer wrote:
> Ok...the subject is a bit misleading. Let me clarify a little bit...
> What does it take for a domain to end up on the multi.surbl.org list?
> Realizing that multi is made up of several different lists, it might not
> be clear cut as each might have their own rules and in some cases it is
> more complicated than just end user reports.
> Background: someone complained that they couldn't email us and it turns
> out they were blocked because of the multi.surbl.org list. In a response we
> received from them, they stated: One person has a software program that
> erroneously flagged <the domain> as spam.
> What I am trying to confirm is that none of the multi.surbl.org lists
> actually will block on a single incident report. Reading over the
> surbl.org site (haven't dug into the rules for each list just yet), the
> lists seem to sway towards safer (no listing) than sorry end of things.
None of the lists will blacklist based solely on a user report.
Each list is pretty different.
Please report false positives to whitelist at our domain.
Jeff C.
Ok...the subject is a bit misleading. Let me clarify a little bit...
What does it take for a domain to end up on the multi.surbl.org list?
Realizing that multi is made up of several different lists, it might not
be clear cut as each might have their own rules and in some cases it is
more complicated than just end user reports.
Background: someone complained that they couldn't email us and it turns
out they were blocked because of the multi.surbl.org list. In a response we
received from them, they stated: One person has a software program that
erroneously flagged <the domain> as spam.
What I am trying to confirm is that none of the multi.surbl.org lists
actually will block on a single incident report. Reading over the
surbl.org site (haven't dug into the rules for each list just yet), the
lists seem to sway towards safer (no listing) than sorry end of things.
Thanks
Benji Spencer
System Administrator
Moody Bible Institute
Phone: 312-329-2288
Fax: 312-329-8961
FYI - I've seen a couple of false positives today on mail from hotmail that
include this domain in the auto generated signature.
SignInAndWIN . ca
Example Signature:
Sign in to Windows Live Messenger, and enter for your chance to win
$1000 a day-today until May 12th. Visit SignInAndWIN . ca
<http://g.msn.ca/ca55/210>
Darrell
Hello
I have joined this discussion forum today to ask if there is anything wrong with the multi.surbl.org list? We had been using this list successfully for almost 3 years now. Beginning about 3/15/08, we are no longer getting the same number of hits as we had before. Before 3/15 we routinely saw 6000 - 8000 SuRBL hits per day. Between 3/15 and today we were seeing less than 500 hits per day.
This morning I switched our GWAVA to use black.uribl.com and am now seeing thousands of SuRBL hits. For test purposes I switched back to the multi.surbl.org but in 5 minutes didn't have any hits.
Does anyone else have this problem?
Thank you for any information.
Peter Garcia
SURBL was great when it was running. It made me wonder if I should
even run any other RBLs at all?
This is off topic already but what is generally thought to have less overhead?
It would seem to be that RBLs would but their effectiveness has
really dropped with the use of massive botnets.
Anyhow regarding my topic...
something has changed in the usage of the lists and so my false
positives have jumped.
This is doug swallows plugin for Icewarp MerakMail. (the author has
long since dropped support for this project)
http://clip.drlinky.com/149606
I have altered the scope to not include the header (from the surblg
list I was told to) and also to not scan the ip addresses but to no
avail.
I was getting false positives for test invites I was sending myself
from LinkedIn.
I believe it is the way counting is performed that is messing things
up a bit. From the looks of it a count of 1 is rejected, but 1 is
added to everything anyway: surbl_multi_count += 1
Appreciate any information
Thank you
KieranMullen
Are there any plans in the future to move the email based discussion
list to a forum based system with e-mail subscription per topics?
Thank you
KieranMullen
Judging by recent spamassassin-users mailing list messages, Verizon is
hijacking DNS responses that seem to be invalid and replacing them
with their own responses (in order to drive traffic to their search
sites). Naturally this breaks SURBL lookups. If you are using
Verizon's nameservers and are getting false positives, you may want to
check into this.
Here's one reference:
http://www.freedom-to-tinker.com/?p=1227
Jeff C.
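Added example, not part of the original messages or of any SURBL or SpamAssassin code: a client-side check for the NXDOMAIN rewriting described above, plus answer decoding that refuses to count a non-127.0.0.0/8 address as a listing. The bit-to-list mapping, the function names and the two constructed resolvers are assumptions made for illustration; the `ignore` parameter shows how a site could leave out one list, such as ob, when scoring.

```python
import ipaddress
import socket
import uuid

# Last-octet bits of a multi.surbl.org answer, as in SpamAssassin's SURBL
# rules of that period (assumption: the values are not given on this page).
LISTS = {2: "sc", 4: "ws", 8: "ph", 16: "ob", 32: "ab", 64: "jp"}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def system_resolve(name):
    """A records for name via the system resolver; [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def resolver_rewrites_nxdomain(resolve=system_resolve, zone="multi.surbl.org"):
    """Look up a random label that cannot be listed. Any answer at all means
    the resolver substitutes its own records for NXDOMAIN."""
    return bool(resolve(f"{uuid.uuid4().hex}.invalid.{zone}"))


def decode_answer(addresses, ignore=()):
    """List names encoded in the answer. Addresses outside 127.0.0.0/8 are not
    SURBL data, so they count as 'not listed' rather than as a hit."""
    hits = set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip in LOOPBACK:
            hits.update(n for bit, n in LISTS.items() if ip.packed[-1] & bit)
    return sorted(hits - set(ignore))


def check_domain(domain, resolve=system_resolve, zone="multi.surbl.org", ignore=()):
    """Names of the lists that contain domain, according to the given resolver."""
    return decode_answer(resolve(f"{domain}.{zone}"), ignore)


# Constructed resolvers for an offline demonstration (not real lookups).
def hijacking_resolver(name):
    return ["203.0.113.10"]  # answers every name, like a search redirect


def honest_resolver(name):
    return ["127.0.0.18"] if name.startswith("listed.example.") else []
```

Calling `resolver_rewrites_nxdomain()` with no arguments runs the probe against the system resolver; a `True` result means lookups should go through a different nameserver before any SURBL result is trusted.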
Does anyone have any comments on adding the malware domains at:
http://www.malwaredomains.com/
to the SURBL phishing list, with significant filtering to exclude
possible false positives? The actual list would be the third field
of:
http://www.malwaredomains.com/files/domains.txt
The data includes malware and phishing sites.
Cheers,
Jeff C.