Discuss

discuss@lists.surbl.org

1 participants
1867 discussions

Question about scoring in SA3
by Kevin A. McGrail 21 May '05

21 May '05

I've been very pleased with SURBL in SA3 and I'd like to increase the scores. However, I don't understand how the default scores like this work: rules/50_scores.cf:score URIBL_AB_SURBL 0 2.007 0 0.417 rules/50_scores.cf:score URIBL_OB_SURBL 0 1.996 0 3.213 rules/50_scores.cf:score URIBL_PH_SURBL 0 0.839 0 2.000 rules/50_scores.cf:score URIBL_SC_SURBL 0 3.897 0 4.263 rules/50_scores.cf:score URIBL_WS_SURBL 0 0.539 0 1.462 I feel SA is being too conservative with the resource that SURBL provides. Can anyone give me their recommendations for my local configuration file for replacement scores that will be more effective? And since I couldn't find it referenced, can anyone tell me what the four numbers after the score mean? Regards, KAM

5 11

Reporting phishing-spams?
by Martin 20 May '05

20 May '05

Where is the best place to report phishing-spam? Thanks / Martin

2 2

some urls tht missed this morning
by Rakesh 20 May '05

20 May '05

Hi these three urls weren't listed in multi.surbl.org at 5:00 AM GMT. wonderfulcompressorwell.com bobtangofunny.com wonderfulcomplimentwell.com -- Regards, Rakesh B. Pal Project Leader Emergic CleanMail Team. Netcore Solutions Pvt. Ltd. ======================================================== Success is how high you reach after you hit the bottom. ========================================================

6 10

Re: [SURBL-Discuss] LInk to add to SURBL
by List Mail User 20 May '05

20 May '05

>... >> 220 max.madplus.com ESMTP Merak 7.4.5; Wed, 18 May 2005 12:11:27 -0400 >> quit > >> Same registrant also owns gmbdream. com and uses the company name >> of "GMB Direct". > >Thanks Paul. Does any of this help inform us about how spammy >this critter is? > >Jeff C. >-- >Don't harm innocent bystanders. > >... There is the quick results from a Goggle search which shows that "GMB Direct" runs a group of "email marketeering" companies/domains/sites which vary in published policies. A short list (just from the first few Google hits) include: **** First a few "general" hits **** Email Results: Permission Email Marketing Resources for Advertisers www.emailresults.com/directory_ category.asp?CategoryID=4027 GMBDirect - Contact us www.gmbdirect.com/en/contacts/ GMBDirect - About opt-in marketing www.gmbdirect.com/en/marketing/ **** The first "really suspicious one" **** ... Bulk direct e-mail marketing services available through our partners GMB Direct. ... +Direct E-mail Marketing with our partners at GMB Direct. ... www.flashcap.com/Main%20Site/ Services/Params/menu/100/default.aspx **** Some "clear" slime **** Sweeps-US.com - About Us ... COM is one of the family of Web sites owned and operated by GMB DIRECT. Founded in 1998, GMB DIRECT is a leader within the online marketing industry. ... sweeps-us.com/aboutus/ **** Uh-Oh - an "affiliate" program **** Welcome to GMBDirect Affiliate Network ... 1-877-GMB-DIRECT. 1-877-462-3473. info(a)gmbtrack.com. Member Log In. Username :. Password :. Publisher, Advertiser ... gmbtrack.com/ **** Now more slime **** Sweeps-US.com - About Us ... COM is one of the family of Web sites owned and operated by GMB DIRECT. Founded in 1998, GMB DIRECT is a leader within the online marketing industry. ... sweeps-us.com/aboutus/ **** Buy "opt-in" mailing lists **** Optin Email Directory Directory - Business directory, Business to ... ... Email Marketing - National, Click to visit! GMB Direct. www.gmbdirect.com. New York, New York. 877 GMB Direct. Click to visit! Targetware. www.targetware.com. ... www.optinemaildirectory.com/s.asp?d=1478 **** Finally the "give-away" - true "slime" - the privacy page from a Russian site they run (read the find print) **** E-Get - Privacy policy Privacy policy Last Updated: March 12, 2004. GMB Direct ("GMB Direct," "we," "us," "our") has created this site (the "Site") in order to advise you of GMB ... www.vme.net.ru/Privacy/ Against them; Their contract specifically states they are not responsible for the "correctness" of the lists. They will "rent" or "sell" email address lists. They will willingly transfer data gathered from one client to any other paying client (read the "privacy" statement). They have an extremely large number of domains, many hidden with private registrations. In their defense; They are very expensive compared to many spammers. They claim some large companies as customers. --- Thats it. They make it seem like they are legit, but they offer to use any customer provided list to email to (with no mention about "checking"). So clearly they are in the "spam support" business but may have some legitimate customers; Also, many of there domains are "hidden" with private registrations and their seem to fall into three categories - the ones that say they are GMB and are trying to sell services, the ones that say they are GMB but are for gathering personal information using questionable "sweepstakes" (e.g. Win a {TV, Gift Certificate, Sony VAIO, etc}) and other tatics, and finally the ones which do not identify themselves at all. The mere existence if the third group makes them slime (as does the second) and probably make them spammers for themselves as well as for customers (this wouldn't stand up in court, but probably would for a Grand Jury - You can decide where the decision should fall). So the question of "how spammy" is still open, but "are they spammers" is answered (i.e. you may want to list some domains, but not others). Paul Shupak track(a)plectere.com

1 0

Re: [SURBL-Discuss] Reporting phishing-spams?
by Joe Zitnik 19 May '05

19 May '05

Usually to the organization that is being misrepresented is a good place to start. I know there are addresses set up just for this with some companies, spoof(a)paypal.com and spoof(a)ebay.com come to mind. They might not actually do anything, but they are there. :-( >>> martin.lyberg(a)idkommunikation.com 5/19/2005 4:03 AM >>> Where is the best place to report phishing-spam? Thanks / Martin _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss

1 0

Re: [SURBL-Discuss] LInk to add to SURBL
by List Mail User 19 May '05

19 May '05

... > >spam link. > >http://www.kexmt.move.fresh-deals.net/go/g/31/2869/1/?3495564 > >Dan Zachary > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss > Despite hiding behind a "private registration": % nslookup -type=any fresh-deals.net ns1.fresh-deals.net Server: ns1.fresh-deals.net Address: 206.131.233.2#53 fresh-deals.net origin = ns1.fresh-deals.net mail addr = hostmaster.fresh-deals.net serial = 2005050501 refresh = 86400 retry = 3600 expire = 777600 minimum = 3600 fresh-deals.net nameserver = ns1.fresh-deals.net. Name: fresh-deals.net Address: 206.131.233.2 fresh-deals.net mail exchanger = 10 max.fresh-deals.net. % nslookup -type=any max.fresh-deals.net ns1.fresh-deals.net Server: ns1.fresh-deals.net Address: 206.131.233.2#53 Name: max.fresh-deals.net Address: 206.131.233.2 % nslookup -type=any 206.131.233.2 ns1.madplus.com Server: ns1.madplus.com Address: 206.131.233.2#53 2.233.131.206.in-addr.arpa name = max.madplus.com. % telnet max.fresh-deals.net 25 Trying 206.131.233.2... Connected to max.fresh-deals.net. Escape character is '^]'. 220 max.madplus.com ESMTP Merak 7.4.5; Wed, 18 May 2005 12:11:27 -0400 quit Same registrant also owns gmbdream. com and uses the company name of "GMB Direct". Paul Shupak track(a)plectere.com

2 1

Re: [SURBL-Discuss] LInk to add to SURBL
by List Mail User 18 May '05

18 May '05

>... > >On Wednesday, May 18, 2005, 6:44:05 AM, Spam Admin wrote: >> spam link. > >> http://www.kexmt.move.fresh-deals.net/go/g/31/2869/1/?3495564 > >> Dan Zachary > >Hi Dan, >This is a recently registered domain (a couple weeks ago) >but it doesn't seem to resolve into spaces that are known >to be spammy. That may just mean spammers have moved into >a new network space, etc. > >However there are a number of odd things about this domain >from the registration, to the host's registration, etc. >And it doesn't seem to resolve currently. > >Is anyone else seeing this in spams? > >Jeff C. >-- >Don't harm innocent bystanders. > >_______________________________________________ >Discuss mailing list >Discuss(a)lists.surbl.org >http://lists.surbl.org/mailman/listinfo/discuss > The actual registrant is below - have to do better to hide behind a "private registration". % jwhois madplus.com [Querying whois.internic.net] [Redirected to whois.enom.com] [Querying whois.enom.com] [whois.enom.com] Registration Service Provided By: Contact: abuse-ns(a)gmbdream.com Visit: Domain name: madplus.com Administrative Contact: Paul Davis (abuse-ns(a)gmbdream.com) +1.6465363193 Fax: +1.- 60 E 42 Street Suite 449 NewYork, NY 10165 US Billing Contact: Paul Davis (abuse-ns(a)gmbdream.com) +1.6465363193 Fax: +1.- 60 E 42 Street Suite 449 NewYork, NY 10165 US Technical Contact: Paul Davis (abuse-ns(a)gmbdream.com) +1.6465363193 Fax: +1.- 60 E 42 Street Suite 449 NewYork, NY 10165 US Registrant Contact: Paul Davis (abuse-ns(a)gmbdream.com) +1.6465363193 Fax: +1.- 60 E 42 Street Suite 449 NewYork, NY 10165 US Status: Active Name Servers: ns1.madplus.com ns2.madplus.com Creation date: 15 Mar 2005 07:56:39 Expiration date: 15 Mar 2006 07:56:39 The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is," and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. The registrar of record is eNom. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. Version 6.3 4/3/2002 Paul Shupak track(a)plectere.com

1 0

Re: [SURBL-Discuss] LInk to add to SURBL
by List Mail User 18 May '05

18 May '05

>From discuss-bounces(a)lists.surbl.org Wed May 18 06:57:18 2005 X-Scanned-By: RAE MPP/Clamd http://raeinternet.com/mpp Date: Wed, 18 May 2005 09:44:05 -0400 From: Spam Admin <spam_admin(a)sil.org> User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050317) X-Accept-Language: en-us, en MIME-Version: 1.0 To: SURBL Discussion list <discuss(a)lists.surbl.org> References: <00ad01c55ba8$75db8040$cc0a0a0a(a)thoughtworthy.internal> <428B41AB.7060701(a)sil.org> In-Reply-To: <428B41AB.7060701(a)sil.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Prolocation-MailScanner-Information: Please contact helpdesk(a)prolocation.net for more information X-Prolocation-MailScanner: Found to be clean X-Prolocation-MailScanner-SpamCheck: X-Prolocation-MailScanner-From: spam_admin(a)sil.org Subject: [SURBL-Discuss] LInk to add to SURBL X-BeenThere: discuss(a)lists.surbl.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: SURBL Discussion list <discuss(a)lists.surbl.org> List-Id: SURBL Discussion list <discuss.lists.surbl.org> List-Unsubscribe: <http://lists.surbl.org/mailman/listinfo/discuss>, <mailto:discuss-request@lists.surbl.org?subject=unsubscribe> List-Archive: <http://lists.surbl.org/pipermail/discuss> List-Post: <mailto:discuss@lists.surbl.org> List-Help: <mailto:discuss-request@lists.surbl.org?subject=help> List-Subscribe: <http://lists.surbl.org/mailman/listinfo/discuss>, <mailto:discuss-request@lists.surbl.org?subject=subscribe> Sender: discuss-bounces(a)lists.surbl.org Errors-To: discuss-bounces(a)lists.surbl.org X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on nepal.plectere.com X-Spam-Status: No, score=-102.3 required=5.0 tests=AWL,BAYES_00,URIBL_L2SPEWS, USER_IN_WHITELIST autolearn=no version=3.0.1 X-Spam-Level-Plectere: spam link. http://www.kexmt.move.fresh-deals.net/go/g/31/2869/1/?3495564 Dan Zachary _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss

1 0

Re: [SPAM-TAG] [SURBL-Discuss] Would SURBL block Yahoo, redirect? (Jeff Chan)
by J. Fowler 17 May '05

17 May '05

> So it checks yahoo.com and thelumbercartel.com . I'm certainly not suggesting thelubercartel.com was spamming. Just wanted to make that clear. The actual spam seen came from: http://google.com.s1gns.net/mortgage.asp And thanks. My concern was for the applications such as SA catching long urls. Jay

1 0

Would SURBL block Yahoo redirect?
by J. Fowler 17 May '05

17 May '05

Hello, Is this something Yahoo should be concerned with? Would SURBL lists flag spam if the leading url was yahoo? http://rds.yahoo.com/*-http://www.thelumbercartel.com/ I caught a few spams using yahoo to disguise their URL. saw somthing like this: http://rds.yahoo.com/S=1/K=r/v=3/e=0/t=0/i=1/r=1/*-http://google.com.s1gns.… Just curious what you guys thought.

3 3

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss