Discuss

discuss@lists.surbl.org

1862 discussions

Recent SpamAssassin mass check results
by Jeff Chan 12 May '06

12 May '06

FWIW Here are last Saturday's SA mass check results, courtesy of Theo: http://www.surbl.org/news.html MSECS SPAM% HAM% S/O RANK SCORE NAME 0 181939 52229 0.777 0.00 0.00 (all messages) 0.00000 77.6959 22.3041 0.777 0.00 0.00 (all messages as %) 22.377 28.8009 0.0000 1.000 1.00 0.00 URIBL_SC_SURBL 26.604 34.2378 0.0134 1.000 1.00 0.00 URIBL_WS_SURBL 24.854 31.9854 0.0115 1.000 1.00 0.00 URIBL_JP_SURBL 12.423 15.9889 0.0000 1.000 0.98 0.00 URIBL_AB_SURBL 23.278 29.9463 0.0479 0.998 0.96 0.00 URIBL_OB_SURBL 0.236 0.3028 0.0038 0.988 0.67 0.00 URIBL_PH_SURBL 15.377 19.7803 0.0383 0.998 0.95 0.00 URIBL_SBL 29.707 38.1606 0.2585 0.993 0.85 0.00 URIBL_BLACK 0.020 0.0264 0.0000 1.000 0.50 0.00 URIBL_RED 0.515 0.4353 0.7946 0.354 0.45 0.00 URIBL_GREY Of particular relevance are the low false positives of some of the SURBL lists such as SC, AB and PH as shown in the low HAM% numbers. (Note that PH is important to use and score highly in order to detect phishes. It doesn't detect a large percentage of spams, but it likely detects many phishes.) The last three are presumably uribl.com lists. FPs on OB remain too high IMO, but we're continually working to try to improve both the FN and FP rates. Jeff C. -- Don't harm innocent bystanders.

2 1

en34.com
by Karen Wilson 04 May '06

04 May '06

I am getting a ton of porn spam about Russian girls. They come from a first name with no e-mail ID. On my fllter I found man, many e-mails from people at en34.com, which doesn't exist. Know anything? K

2 1

Re: [SURBL-Announce] MEFilter and milter-link add SURBL support
by Chris Sweeney 02 May '06

02 May '06

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Anyone download this? I can't seem to find it listed on the downloads page even after login. Jeff Chan wrote: > Two applications add SURBL support to Sendmail and MailEnable > respectively: > > > Anthony Howe of SnertSoft reports that his milter-link/0.1 for > Sendmail "extracts URLs from the message body (text, HTML, and/or > MIME encoded)" and checks them against SURBLs, or after domain > resolution against RBLs. Written in C, milter-link does on-the-fly > MIME decoding without using temporary files. > > http://www.snertsoft.com/sendmail/milter-link/ > > > Martyn Keen reports that his MEFilter, a bolt-on for the MailEnable > mail server, adds beta SURBL support. Test results are very > favorable. > > http://www.mefilter.com/ > > > Cheers, > > Jeff C. - -- Thanks Chris Check me out! Finally setup a MySpace.com account http://www.osubucks.net csweeney(a)osubucks.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFEUondS9AMNDUYgIcRAkCuAKCOFPTbVrfeNCbgyifUlsBbCQM0KACdHZEF JJWwX7NzjdYaTtidOaB0Hg8= =m413 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

2 1

Re: [SURBL-Announce] milter-uri.pl is a Perl Sendmail milter
by Todd Vierling 28 Apr '06

28 Apr '06

On 4/28/06, Jeff Chan <jeffc(a)surbl.org> wrote: > Steve Freegard of Fort Systems Ltd. reports that milter-uri.pl is > a basic Sendmail milter written in Perl using Sendmail::PMilter > and SpamAssassin libraries. I happen to be the Sendmail::PMilter author. I suppose this would be a good time for me to go revisit the package and clean up a few things I've meant to do for a couple years. Unexpected attention can be a good motivator. ;) (BTW, if this makes it to the discuss@ list, I'm not on it, so if anyone needs my attention, keep me on Cc:.) -- -- Todd Vierling <tv(a)duh.org> <tv(a)pobox.com> <todd(a)vierling.name>

1 0

Domains not getting listed on SURBL
by Guy Rosen 24 Apr '06

24 Apr '06

Hi, We noticed a whole bunch of domains which are used by spammers affiliated with AdultActionCam that are consistently not getting listed on SURBL, and I thought I'd point it out. Are they maybe doing something special there to prevent getting listed? These are a few examples: hookinghawks dot com Giggaty dot com jerkingcough dot com superflighter dot com largebegs dot com payperblew dot com rufflyruse dot com Slaptick dot com purplefist dot com fallingfallers dot com jarsfilling dot com dinkybars dot com lostloverznow dot com losingthefill dot com leadingloverz dot com Regards, Guy Rosen Lead Analyst, Operations Team Blue Security http://www.bluesecurity.com/

2 1

URI Blacklisting at the MTA level
by Steve Freegard 18 Apr '06

18 Apr '06

Hi All, I've written a basic Sendmail milter in Perl using Sendmail::PMilter which uses the SpamAssassin libraries with just the 20_uri_tests.cf rules file (so it is relatively light) to strip the URI's from a message and then check them against multi.surbl.org and black.uribl.com and reject any messages that contains blacklisted URI's. It's rough code at the moment - there's no whitelisting or any start/stop scripts for it yet and this is my first attempt at anything in Perl - I've been running it on our spam trap for a while now and it's worked very well, I have not tried it on a production system yet. I'm posting it here in case anyone finds this useful and for comment - It can be downloaded from http://www.fsl.com/support/milter-uri.pl -- installation instructions are in the file. Finally - I'd like to say thanks to everyone involved in both SURBL and URIBL projects, you all do an excellent job of making lives difficult for the spammers :-) Kind regards, Steve. -- Steve Freegard Development Director Fort Systems Ltd. Skype: smfreegard

2 1

Autoreply: [SURBL-Discuss] URI Blacklisting at the MTA level
by scottwolf＠aginet.com 17 Apr '06

17 Apr '06

I am out of the office April 10th - April 22nd. I will have limited access to voicemail and e-mail. If you need assistance please contact Dave at aginet(a)aginet.com or 252-255-5557. Scott Wolf Aginet

1 0

RE: [SURBL-Discuss] html hex codes used in links
by Matthew.van.Eerde＠hbinc.com 03 Apr '06

03 Apr '06

Nathan Barham wrote: > I received a phishing scam yesterday where the domain part of the evil > link was in html hex code. This seems to defeat any SURBL listing. > I'm using a postfix body check to handle it now, but does anyone have > a better idea? It could be worse. They could be using javascript to factor a given product of large primes, and then using the factors to build the IP address. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

1 0

html hex codes used in links
by Nathan Barham 03 Apr '06

03 Apr '06

Hello list, I received a phishing scam yesterday where the domain part of the evil link was in html hex code. This seems to defeat any SURBL listing. I'm using a postfix body check to handle it now, but does anyone have a better idea? Thanks.

2 1

Spam In Form Of Gif File
by Warren Robinson 31 Mar '06

31 Mar '06

Hello, Has anyone figured out how to pull this spam in. The only common factor in the GIF hex file is GIF87a ! Look forward to your comments Regards Warren Robinson

3 2

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss