Discuss

discuss@lists.surbl.org

1 participants
1864 discussions

Child porn URLs
by Mariano Absatz 15 Oct '04

15 Oct '04

Hi, I just reported this mail with its 3 URLs to spamcop and ws.surbl... I urge other list mantainers to add them since it contains disgusting child pornography... For what I can understand in http://www.sg.st, although sg.st is not an 'official' 2LD of st, it seems that this is a bulk registry for the domains HK.ST - CN.ST - TW.ST - SG.ST. The official NIC for st (São Tomé & Principe) seems to be http://www.nic.st. As I undertand it, the SG.ST domain should be whitelisted... Regards. Received: from c-24-12-31-157.client.comcast.net (HELO smtp.hotpop.com) (24.12.31.157) by mail.example.com with SMTP; 13 Oct 2004 20:17:24 -0000 Date: Fri, 15 Oct 2004 22:56:09 +0000 From: mangled <mangled(a)example.com> Subject: Hi. To: FILE <mangled(a)example.com> References: <mangled(a)example.com> In-Reply-To: <mangled(a)example.com> Message-ID: <mangled(a)example.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Hey, I've found true BL Hits! Over 12000 users here. http://pbfiles.sg.st and http://ggboys.sg.st Giant Lo collection here: http://ptz-portal.sg.st Best, Michael Berkly. p.s. looking for your quickest reply. -- Mariano Absatz - El Baby el (dot) baby (AT) gmail (dot) com el (punto) baby (ARROBA:@) gmail (punto) com

5 11

WS FP
by Daniel Kleinsinger 15 Oct '04

15 Oct '04

freepichosting . com In a craigslist email. Thanks, Daniel

2 2

FP?: ultimatebizsource.biz
by Joe Wein 15 Oct '04

15 Oct '04

ultimatebizsource.biz claims to be an opt-in list with 55,000 subscribers. It's currently listed on [WS] and [JP] but not my personal list. I know, the name alone sounds like your typical spammer domain, but is it? Today the owner of getyoursiteongoogle.info mailed me, since I had blacklisted their domain. Turns out the evidence was a mailing from ultimatebizsource.biz which was listed on WS and JP. Since the recipient was a third party from the Prolocation feed, I could not easily verify if it was indeed unsolicited, but I checked what I could check quickly. To my surprize the outgoing mailserver's IP is not listed on any of the RBLs and neither are the name servers or the resolved name. There is only 1 NANAS sighting for this almost one year old domain. That posting is an automated one, and probably related to an ahbl.org listing mentioned in the SA-tags added to the evidence mail. I can find no listing for them at ahbl.org now. A web search for the domain name returns a single hit: http://www.google.com/search?q=ultimatebizsource.biz+spam That looks too little for 55,000 mails per day for one year. Joe

2 1

Re: [ST #592239]:postmaster: Re: [SURBL-Discuss] FP in OB ?
by Jeff Chan 14 Oct '04

14 Oct '04

On Thursday, October 14, 2004, 5:20:56 AM, Tony RT wrote: > [jeffc(a)surbl.org - Thu Oct 14 12:10:09 2004]: >> > In this months Microsoft Security update mailout there is a domain >> > mentioned in the credits, persiax.com. Web version includes the same >> > domain... >> Outblaze Postmaster, >> Can you tell us why persiax.com is listed? > Jeff, > If our spamtraps or our users report spam, we scan the body. > If we find domains that are "new" in the body, the domain gets blocked. > persiax.com is now removed. > TonyB Thanks Tony. May I suggest that you consider checking a domain before listing it? Just because a few customers consider it spam doesn't necessarily mean other customers might not want to get it. I ask because there seem to be some legitimate sites getting onto your lists which some customers may legitimately want to get. For example none of the recent FPs have had to do with pills, mortgages, warez, etc. Another recent example is browsehappy.com run by the Web Standards Project: http://webstandards.org/act/campaign/happy/ which seem pretty unlikely to be professional or even casual spammers, no matter what users may report. Users are sometimes wrong, so data should be checked, IMO. Jeff C. -- "If it appears in hams, then don't list it."

1 0

FP in OB ?
by Joseph Burford 14 Oct '04

14 Oct '04

Guys, not sure what the criteria for listing/de-listing in OB is. In this months Microsoft Security update mailout there is a domain mentioned in the credits, persiax.com. Web version includes the same domain... http://www.microsoft.com/technet/security/bulletin/MS04-oct.mspx This is a new domain, about a month old, 0 NANAS, looks like a personal site with 0 content, some guy in Iran who was about to get his 15mins of fame :) Not a whitelist candidate IMHO but am curious why it's in there. Regards, Joseph

2 1

FP on WS
by Joseph Burford 14 Oct '04

14 Oct '04

Hi All, bluedomino.com In my mind a FP on the WS list. Domain age in days: 2168 Associated with CoffeeCup, the age old HTML editing software. Only place I've seen it mentioned is in the normal mailouts from CoffeeCup to people who have downloaded their software or who are on the mailing list. NANAS sightings about 10, some are just reports of customers they host, nothing really recent. I'd be intrigued to know how it got on WS. Regards, Joseph

2 4

Doesn't multi contain everything from WS and others?
by Thomas Johnson 14 Oct '04

14 Oct '04

(Sorry about that - hit send a little too early). Perhaps I'm confused, but shouldn't something listed in WS and JP also be in multi? Here's a domain from an email that made it through our filters: http://y.net.mystuffsupplyMUNGED.com?f4=T12k62 # dig +short @localhost mystuffsupplyMUNGED.com.ws.surbl.org 127.0.0.2 # dig +short mystuffsupplyMUNGED.com.multi.surbl.org <nothing> Am I missing something?

3 4

RE: [SURBL-Discuss] Revised DMOZ data, got Wikipedia domains too
by Chris Santerre 14 Oct '04

14 Oct '04

>-----Original Message----- >From: Jeff Chan [mailto:jeffc@surbl.org] >Sent: Saturday, October 09, 2004 3:10 AM >To: SURBL Discussion list >Subject: Re: [SURBL-Discuss] Revised DMOZ data, got Wikipedia domains >too > > >On Friday, October 8, 2004, 11:37:03 PM, Alex Broens wrote: >> tripod and geocities have given spammers a home for many years... and >> there's many other freehosters who have become "victims" as well. > >> if not permitted to blacklist, at least treat as 2nd level >tld so we can >> get rid of the spam coming from them > >That's possible, but not something we've done so far. I don't >see shared domain hosting as a major spam destination. Maybe >they are a minor annoyance, but nothing like the pill spammers >hosted in China, Korea, Brazil, etc. > >The difference is that geocities, tripod, angelfire, etc. ought >to have some incentive to get rid of these minor abusers since >they make so little money from them. The pill/mortgage/warez/etc. >spam hosters probably make a lot more money from their spamming >customers, so they have an incentive too keep them. > >In the case where there is some legitimate company like Yahoo >or Lycos (parents of geocities, tripod, etc) to police their >customers and enforce their AUPs, then spam victims should >report them and let them do the enforcing. Since these >companies are mostly legitimate and probably do spend some >resources dealing with abuse, they have an incentive to >reduce abuse since it probably costs them more money than >it gains them. > >One of the main reasons for doing SURBLs was to be able to >do something about the hosting companies who don't have AUPs >against spam or don't enforce them. > >Bottom line is that tripod, etc. are mostly irrelevant compared >to the professional spam gangs who send a lot more spam. SURBLs >are for listing the domains of the bigger fish who have found >spam-friendly hosts, regardless of where those hosts are. > All I can say to that is, it is small amount....for now. I don't see any harm in treating these as second and thrid TLDs. We are already doing all the same work, and seeing the same domains anyway while looking at spams. Why not just add them as 2-3 level? We are doing all the work now, and just throwing the listing away. --Chris

5 8

voicemessage . com listed in WS
by Fred 14 Oct '04

14 Oct '04

I received a virus today which included a link to virt.voicemessage . com This domain was registered 02-DEC-1996, I hand checked the domain, they appear to be a business partner with Avaya. Just because a virus uses this domain name in a attempt to trick the user, is not a reason to list. This domain appears in ham because when my customers receive undetected viruses, I ask them to send them to me and then it's part of mail I need to receive. Does anyone have any spam from this domain or was it listed solely on the fact that it appeared in a virus the committer received? Thanks!

3 3

submit domain?
by Lindsay Snider 13 Oct '04

13 Oct '04

acarmart DOT com What is our policy for adding domains like that above. It appears to be a link builder w/ no real content. And I appologise for not checking Jeff's website of criteria for adding a domain. I wasn't able to find a link so if any one has a bookmark available, I'd greatly appreciate it. -lindsay

2 2

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss