The thread I had found this in didn't contain the full body. However I
searched and found a copy and sure enough, there is an uptilt.com link. It's
on it's way to SURBL now :)
As always J, Thanks!
--Chris
>-----Original Message-----
>From: jm(a)jmason.org [mailto:jm@jmason.org]
>Sent: Thursday, June 24, 2004 4:16 PM
>To: Jeff Chan; SURBL Discussion list
>Subject: Re: [SURBL-Discuss] A question on policy
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>
>In terms of the message, does uptilt.com have any links in it? often
>in this situation they'd have added an "unsubscribe" link of their
>own which SURBL would then catch.
>
>- --j.
>
>Jeff Chan writes:
>> On Thursday, June 24, 2004, 9:16:51 AM, Chris Santerre wrote:
>> > But the thread basically says that uptilt.com (a known
>spam sender) was
>> > hired by tonyrobbins.com to advertise. So they sent out
>spam. Now my
>> > question is, do we list them?
>>
>> > Do we list somewhat legit domains that hire these people
>without (or maybe
>> > with) the knowledge that they will spam? I'm leaning
>towards yes, in the
>> > hopes they will learn to choose their advertisers more carefully.
>> > Thoughts?
>>
>> The answer I would prefer is to *not* list a mostly legitimate
>> domain like tonyrobbins.com, but to let conventional RBLs list
>> uptilt.com and their IPs as a spam sender. In other words,
>> let spamhaus list uptilt's addresses and block on them, but
>> don't list tonyrobbins.com in SURBLs since it could potentially
>> be mentioned in legitimate messages. Of course it would not hurt
>> to let the possibly legitimate company's lawyers know they should
>> not use spammers, and cite the law being broken.
>>
>> This one seems like a relatively clear division of responsibility
>> to me. Others may be more or less clear.
>>
>> Jeff C.
>>
>> _______________________________________________
>> Discuss mailing list
>> Discuss(a)lists.surbl.org
>> http://lists.surbl.org/mailman/listinfo/discuss
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.4 (GNU/Linux)
>Comment: Exmh CVS
>
>iD8DBQFA2zaIQTcbUG5Y7woRAihcAJ9XmPkWKiSLJGE/0h6BuTyaWIdPLwCg8IFH
>cKGFM1GM09i10Wpwx092Z6Q=
>=n+Cc
>-----END PGP SIGNATURE-----
>
>_______________________________________________
>Discuss mailing list
>Discuss(a)lists.surbl.org
>http://lists.surbl.org/mailman/listinfo/discuss
>
Correct it is legit.
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Monday, June 21, 2004 7:49 PM
>To: SURBL Discuss
>Subject: Re: [SURBL-Discuss] redirect site....sort of
>
>
>On Friday, June 18, 2004, 11:30:16 AM, Chris Santerre wrote:
>> place.cc
>
>> looks like spammers are using this site.
>
>It is otherwise legitimate? If so, we should whitelist
>and let the redirection resolution techniques catch the
>actual spam sites.
>
>Jeff C.
>
>_______________________________________________
>Discuss mailing list
>Discuss(a)lists.surbl.org
>http://lists.surbl.org/mailman/listinfo/discuss
>
Hi,
I don't know who's maintaing http://spamcheck.freeapp.net/two-level-tlds but
I'd think a couple of domains could be added for .ar (Argentina).
I only see:
com.ar (commercial)
org.ar (non-commercial)
net.ar (isp's and the like)
Argentina also uses:
gov.ar (government)
mil.ar (armed forces)
edu.ar (universities and university-related research groups)
esc.edu.ar (elementary schools, high schools and other (non-universitary
educational institutions).
Regards.
Could you help me ?
Have install sapmassassin 2.63 - appears working OK
Have installed Mail-SpamAssassin-SpamCopURI-0.18
Using perl, v5.6.1 built for i386-linux
Now getting the following errors
============================================================================
debug: uri tests: Done uriRE
Failed to compile URI SpamAssassin tests, skipping:
(syntax error at /etc/mail/spamassassin/spamcop_uri.cf, rule
SPAMCOP_URI_RBL, line 1, near "eval:"
syntax error at /usr/share/spamassassin/20_uri_tests.cf, rule
E_MAILPROMO_URL, line 178, near ";
}"
)
debug: Failed to parse line in SpamAssassin configuration, skipping:
open_redirect_list_spamcop_uri snurl.com *.snurl.com
debug: Failed to parse line in SpamAssassin configuration, skipping:
open_redirect_list_spamcop_uri snipurl.com *.snipurl.com
debug: Failed to parse line in SpamAssassin configuration, skipping:
open_redirect_list_spamcop_uri tinyclick.com *.tinyclick.com
debug: Failed to parse line in SpamAssassin configuration, skipping:
open_redirect_list_spamcop_uri babyurl.com *.babyurl.com
debug: Failed to parse line in SpamAssassin configuration, skipping:
open_redirect_list_spamcop_uri lin.kz *.lin.kz
debug: Failed to parse line in SpamAssassin configuration, skipping:
open_redirect_list_spamcop_uri *.v3.net
debug: Failed to parse line in SpamAssassin configuration, skipping:
open_redirect_list_spamcop_uri shorl.com *.shorl.com
debug: Failed to parse line in SpamAssassin configuration, skipping:
open_redirect_list_spamcop_uri tinyurl.com *.tinyurl.com
debug: Failed to parse line in SpamAssassin configuration, skipping:
open_redirect_list_spamcop_uri xurl.us
============================================================================
Any help would be appreciated
Regards
Warren Robinson
warren_ro(a)compuserve.com
Hi Jeff,
> again this one is only hosted on a few name servers now so
> please don't use it for production yet. We'd like your feedback
> about performance, false positives, etc.
Here are some stats from one of my test servers, gives you an idea of
what success rate I am seeing from the various SURBL lists.
Hope the format doesn't munge too much :)
19/06/2004 2,439 messages 1,572 marked as spam
Description Total Ham % Spam %
URL in ws.surbl.org 748 4 0.5 744 99.5
URL in ob.surbl.org 722 4 0.6 718 99.4
URL in sc.surbl.org 647 0 0 647 100
URL in ab.surbl.org 416 14 3.4 402 96.6
URL in be.surbl.org 48 1 2.1 47 97.9
20/06/2004 2,093 messages 1,352 marked as spam
Description Total Ham % Spam %
URL in ob.surbl.org 777 31 4 746 96
URL in ws.surbl.org 731 5 0.7 726 99.3
URL in sc.surbl.org 528 0 0 528 100
URL in ab.surbl.org 404 2 0.5 402 99.5
URL in be.surbl.org 36 0 0 36 100
Regards,
Joseph
We have turned the top 425 or so domains from Andy Warner's
AbuseButler - Spamvertised Sites list:
http://spamvertised.abusebutler.com/
into a beta SURBL for testing:
ab.surbl.org
again this one is only hosted on a few name servers now so
please don't use it for production yet. We'd like your feedback
about performance, false positives, etc.
Andy's data is quite similar in principle to my SpamCop data
in sc.surbl.org. His list is ranked by number of batched reports
in a 7 day window, and he has various data sources.
I'm inviting Andy to discuss this further here.
Jeff C.
place.cc
looks like spammers are using this site.
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
I've tried like 5-6 mirrors to pick up the 2.63
Plug-In, and none of them can read the file.
Is there someplace I can FTP the tarball from?
Thanks!
LER
--
Larry Rosenman http://www.lerctr.org/~ler
Phone: +1 972-414-9812 E-Mail: ler(a)lerctr.org
US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
I couldn't find any way of using a dns blacklist such as sc.surbl.org as a squid
acl, has anyone done this?
--
Robert Brooks, Network Manager, Cable & Wireless UK
<robb(a)hyperlink-interactive.co.uk> http://hyperlink-interactive.co.uk/
Tel: +44 (0)20 7339 8600 Fax: +44 (0)20 7339 8601
- Help Microsoft stamp out piracy. Give Linux to a friend today! -
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jeff Chan writes:
>We are also looking into some other potential spam
>URI data sources such as proxypots, etc.:
>
> http://proxypot.org/
Jeff --
a quick note on this; it has to be done very carefully. Many spammers are
using "link poisoning" stuff like this:
Get ov<A
href="http://www.gimbel.org"></A>er 300 medicat<B><FONT
size=3>l</FONT></B>ons online sh<B><FONT size=3>l</FONT></B>pp<A
href="http://www.omniscient.com"></A>ed over<A
href="http://www.proton.net"></A>nig<A
href="http://www.cravet.org"></A>ht to your fr<A
href="http://www.aristotelean.org"></A>ont do<A
href="http://www.barnacle.com"></A>or with no pr<A
href="http://www.lordosis.net"></A>escr<B><FONT
size=3>l</FONT></B>ption.</FONT>
All of those are "www.{RANDOMWORD}.{com|net|org}". Eventually there's
one real link, which *is* SURBL-listed. These are chaff.
Now, SORBS for one seems to be listing some of these sites; presumably
because they have a spamtrap-driven feed without enough human moderation.
That's the danger here.
(btw, there's arguments to be made that a better selection mechanism
can "weed those out", but that needs to be careful too.
- - Ignore .org/.net/.com? spammer will use .biz, .info, and ccTLDs.
- - Ignore 0-length links (<a href=...></a>)? spammer will change
to use <a href=...>{RANDOMWORD}</a>.
- - Ignore "dictionary words" somehow? spammer will use random URLs
from google, so "real" sites.
so I don't think those approaches have much merit alone.)
- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS
iD8DBQFA0JPeQTcbUG5Y7woRAnYYAJ9/fZaT3WLmU+gT8aAnT2rcduDo7QCg6BE1
dF1r9ciWtFpEdC4OBHdRSKE=
=mnKX
-----END PGP SIGNATURE-----