Discuss

discuss@lists.surbl.org

1 participants
1867 discussions

RE: [SURBL-Discuss] rsync
by Chris Santerre 12 Feb '05

12 Feb '05

> >I've got a pretty busy mail system (about 600k messages a day) >so I sent >an rsync request earlier this week but I haven't heard back >yet. I also >sent subscription requests on the announce and zones mailing lists and >haven't heard anything on those. All of these requests came from >support(a)fiber.net. > >If anyone can offer some advice it will be greatly appreciated. Hang in these Adam :) One of the guys is away at a conference, and another is swamped. I'm not trusted with the keys because I will lock myself out of the car with it running :) I'll see what I can do. --Chris

7 11

RE: [SURBL-Discuss] ANN: new surbl client (still beta)
by Chris Santerre 12 Feb '05

12 Feb '05

>I'm adding SURBL support to the urlbody plugin of spampal. >Spampal is a freeware windows local proxy anti-spam >application, with a userbase of almost 100.000. >(http://www.spampal.org/) > >I use only multi. At the moment only JP, but this will become >a configuration option. Probably also with a "two out of all" option. >- I've added a local skiplist with about top half of the >public "whitelist", no need to query those. >- Domains are only queried one time per e-mail (the local pc >DNS service would probably cache those, but anyway added...). >- If the're moere than 20 domains to check, only the first (or >last) 5 are done. > >Any suggestions are welcome. I suggest more people implement it just like you did! great job! Thanks for creating the skip list! --Chris

3 2

FP rate?
by Alain 12 Feb '05

12 Feb '05

Hi Has someone recent statistic on the FP's for the different sublists in multi? And if possible, has anybody statistics from FP's that where on several of the sublists -at the same time-? Something "like" the dns-hits in : http://www.surbl.org/permuted-hits.out.txt (which Google didn't find alink to, maybe adding a link inside one of the www.surbl.org pages would be nice...) I'm thinking of adding scoring each sublist to let the user decide on the FP safety. Is very easy for me to generate and seems easy to configure even for end users: a*[sc] + b*[ws] + c*[ob] + d* [jp] + e * [ab] + f * [ph] >= 100 for example d could 100 --> even a hit on jp is spam b could be 99 --> need at least another entry a,c could be 50 --> need more... Alain

2 1

RE: [SURBL-Discuss] How quick is data loaded into SURBL
by Chris Santerre 11 Feb '05

11 Feb '05

>On another list I am on someone indicated that the SC list is >only populated >with data once an hour. Is that correct? > >Darrell Anywhere from 15 minutes to 1 day. I believe the system checks every 15 minute for new entries. Submissions get round robin'd thru a bunch of contributors. depends on their time, and the domain submitted. If it has legit uses, we drop it. We don't inform people of the ones we drop, frankly because we don't have time. Other submissions might send up research flags, and we end up looking at those in-depth to add any other spam domains associated with it. Takes more time. We've tried to increase the rate they are entered, but not increase our FP rates. Try submitting the domain again, and it might go to another contributor with more time. Those spams submitted in non English languages take the longest, because many of us don't speak Spanish, chin ease, German, ....... :) --Chris

1 0

Scheduled, Distributed Email Stream Monitoring
by Matthew Wilson 11 Feb '05

11 Feb '05

For the SARE and SURBL folks - I would love to decrease the delay between when a spammy URL appears in the message stream and when it's submitted to the WS SURBL gods for blacklisting. Here is an idea that may have been discussed before; if so, just ignore it. :) Currently, the SARE guys have some kind of rotating schedule of who checks the WS submissions, correct? Wouldn't it be nice if there were some kind of similar volunteer-based rotating schedule that listed who would be responsible for monitoring the raw message stream and submitting unlisted spam domains? This kind of anonymous schedule handled through rulesemporium.com, and if you had some sort of accountability enforcement. For instance, each submitter could log in with an account, so the validity of their WS SURBL submissions could be tracked by the SARE folks. If they're submitting a bunch of bogus domains or non-spam domains, their account would be disabled. Each submitter could sign up for a 15-minute slice of time per week (dividing the week into 672 timeslots), and of course more than 1 submitter could take a timeslot, and each submitter could take more than one timeslot. Each submitter's "record" (domains successfully submitted and blacklisted) would be *anonymously* available to the public through rulesemporium.com, as a form of reputation incentive. Benefits: 1. The SURBL community would have the confidence that the message stream is being monitored by *someone* at all times. 2. Each individual member of the SURBL community would have a higher incentive to sacrifice some of each's time to submit spammed domains. The higher incentive is the knowledge the the community is (in a sense) depending on them to submit spammed domains within that certain period of time. The additional incentive to report would come from a decent assurance that it is far less likely that someone else is reporting the same domain, and hence it's less likely that any given submission would be a duplicate. 3. WS SURBL's reporting latency would hopefully decrease, because more people would be submitting. My Motivation: What prompted me to write this was the fact that some of my customers were complaining that lots of spams were slipping through, so I spent about 30 minutes looking at the false negatives, and all of the domains but 1 of the ones I looked at were not yet listed in SURBL. So I submitted 10-15 domains, and thought to myself... I would do this more often and on a regular schedule if only I knew that others were also willing to sacrifice 15-30 minutes out of their week to the same cause...... Thanks for taking the time to read this suggestion. Matthew Wilson matthew(a)boomer.com

3 4

RE: Scheduled, Distributed Email Stream Monitoring
by Chris Santerre 11 Feb '05

11 Feb '05

Wow I just read this :) I'm Top posting so SARE knows who the heck its coming from :) Not all of SARE is involved in SURBL. We've had to split our time up. I myself have put way more time into SURBL then SARE the last several months. Thankfully those ninjas keep on trucking! (I've got a ruleset in development, I swear!!) :) There are some test going on with automation of some of the processes. However it does result in a 'few' FPs that we don't like. It is still being tweaked. Personally I spend about 1-3 hours a day on SURBL, sometimes more. But I go way beyond the simple listing of domains. Researching the data brings forth much more info. Listing domains can be quite fast if you throw out the questionible ones. The main problem is trust. We simply need to keep SURBL contributors to a choice few. FPs are our enemy, more so then the actual spam :) There are plenty of people we trust, but few who have the time. I like your solution, but it might be just as easy to add 2 more trusted contributors. --Chris >-----Original Message----- >From: Matthew Wilson [mailto:matthew@boomer.com] >Sent: Wednesday, February 09, 2005 9:17 PM >To: SURBL Discussion list >Subject: Scheduled, Distributed Email Stream Monitoring > > >For the SARE and SURBL folks - > >I would love to decrease the delay between when a spammy URL appears in >the message stream and when it's submitted to the WS SURBL gods for >blacklisting. Here is an idea that may have been discussed before; if >so, just ignore it. :) > >Currently, the SARE guys have some kind of rotating schedule of who >checks the WS submissions, correct? > >Wouldn't it be nice if there were some kind of similar volunteer-based >rotating schedule that listed who would be responsible for monitoring >the raw message stream and submitting unlisted spam domains? This kind >of anonymous schedule handled through rulesemporium.com, and if you had >some sort of accountability enforcement. > >For instance, each submitter could log in with an account, so the >validity of their WS SURBL submissions could be tracked by the SARE >folks. If they're submitting a bunch of bogus domains or non-spam >domains, their account would be disabled. > >Each submitter could sign up for a 15-minute slice of time per week >(dividing the week into 672 timeslots), and of course more than 1 >submitter could take a timeslot, and each submitter could take >more than >one timeslot. > >Each submitter's "record" (domains successfully submitted and >blacklisted) would be *anonymously* available to the public through >rulesemporium.com, as a form of reputation incentive. > >Benefits: > >1. The SURBL community would have the confidence that the >message stream >is being monitored by *someone* at all times. > >2. Each individual member of the SURBL community would have a higher >incentive to sacrifice some of each's time to submit spammed domains. >The higher incentive is the knowledge the the community is (in a sense) >depending on them to submit spammed domains within that certain period >of time. The additional incentive to report would come from a decent >assurance that it is far less likely that someone else is reporting the >same domain, and hence it's less likely that any given submission would >be a duplicate. > >3. WS SURBL's reporting latency would hopefully decrease, because more >people would be submitting. > >My Motivation: >What prompted me to write this was the fact that some of my customers >were complaining that lots of spams were slipping through, so I spent >about 30 minutes looking at the false negatives, and all of the domains >but 1 of the ones I looked at were not yet listed in SURBL. So I >submitted 10-15 domains, and thought to myself... I would do this more >often and on a regular schedule if only I knew that others were also >willing to sacrifice 15-30 minutes out of their week to the same >cause...... > >Thanks for taking the time to read this suggestion. > >Matthew Wilson >matthew(a)boomer.com > >

2 1

Pfizer and Microsoft sue Viagra spammers
by Jeff Chan 11 Feb '05

11 Feb '05

http://news.yahoo.com/news?tmpl=story&u=/ap/20050210/ap_on_hi_te/viagra_spa… NEW YORK (AP) - Pfizer Inc. and Microsoft Corp. are teaming up to fight the slew of spam e-mails hawking Viagra [...] The companies said Thursday they had filed a total of 17 lawsuits __ http://www.reuters.com/newsArticle.jhtml?type=domesticNews&storyID=7598201&… Pfizer, Microsoft Sue Web Sites Over Illegal Viagra Thu Feb 10, 2005 03:30 PM ET By Bill Berkrot NEW YORK (Reuters) - Pfizer Inc. and Microsoft Corp. said on Thursday they filed parallel lawsuits against Web site operators and spam advertisers that sell illegal versions of Pfizer's Viagra. The companies said the lawsuits follow a seven-month investigation to discover the identity of two Web site operators together with those advertising them via spam e-mails. Pfizer has filed suit against CanadianPharmacy and E-Pharmacy Direct, while Microsoft has filed civil actions against the spam advertisers for the Web sites. Microsoft has also filed three suits against spam advertisers who advertise unauthorized or counterfeit versions of Viagra on other online pharmacies under such names as Discount RX, Virtual RX, and EzyDrugStore.com. Jeff C. -- Jeff Chan mailto:jeffc@surbl.org http://www.surbl.org/

1 0

Surbl getting tripped, but I can't figure out why
by Alden Levy 11 Feb '05

11 Feb '05

Maybe I'm dense (or haven't been paying too much attention to SA/MS/SURBL, because they've been working so well), but I received a few emails this AM from clients and vendors who have sent us emails before that were marked as spam. For example, I received an email from blinkingeyemedia .com (NOT listed in SURBL), but the SA header section listed: X-E9-MailScanner-SpamCheck: spam, SpamAssassin (score=10.401, required 5, BAYES_00 -2.60, URIBL_OB_SURBL 4.00, URIBL_PH_SURBL 5.00, URIBL_SC_SURBL 4.00) The only URLs in the whole email were blinkingeyemedia (in a sig) and engineno9inc .com (my domain) in a mailto: from a response. This happened twice with this particular correspondent, but other emails got through just fine (with the same URLs and at roughly the same time)! A client sent an email to one of my domains, jksevents .com (not listed), and the only url in the email was jksevents in a mailto:. Similar response from SURBL. Has anyone seen this? Do I need to post more info? Does someone need to see the email off list? I've had this happen before, but they were one offs, and when they occurred, I checked the lookup, scratched my head when the URLs didn't show, and promptly put them on the back burner. Thanks! Alden

2 2

Passive DNS replication
by Jeff Chan 10 Feb '05

10 Feb '05

I think this idea may have been mentioned before, but it's a useful way to find domains associated with an IP address, etc. http://www.enyo.de/fw/software/dnslogger/ http://cert.uni-stuttgart.de/stats/dns-replication.php (The links were forwarded to me.) It's probably similar to what whois.sc is doing for their fee-based reverse IP lookup service. But they probably have more sensors. http://www.whois.sc/reverse-ip/ Jeff C. -- "If it appears in hams, then don't list it."

2 1

rsync
by Adam Bayless 09 Feb '05

09 Feb '05

I've got a pretty busy mail system (about 600k messages a day) so I sent an rsync request earlier this week but I haven't heard back yet. I also sent subscription requests on the announce and zones mailing lists and haven't heard anything on those. All of these requests came from support(a)fiber.net. If anyone can offer some advice it will be greatly appreciated. Thanks! -Adam

2 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss