On 03/23/2012 05:47 AM, SURBL Whitelisters wrote:
> Thanks for some interesting research. One thing we might caution about is forming an unintentional feedback loop with abusers. If abuse information is provided publicly then it can be used by the attackers to improve their attacks. We don't know that it's happening in this case, but it's something to be aware of.
Is the concern that I'm publishing the list as opposed to requiring a specific query to answer? My intent has been to share abuse data among sites running my source code (potentially, after considering reputation issues), since I don't want to run a DNS lookup service for all my code users or be a central point of failure with the abuse data.
I don't feel I'm being particularly revealing here since I'm not disclosing how I end up deciding those IPs and those domains are abusive. But... my code all gets released as Open Source, so that, too, will become publicly available knowledge soon.
Since I started collecting instead of ignoring this data about 20 hours ago, the number of base domains involved in the abuse has only gone up to 246, only a few more than where it had been last night.
The number of IP addresses involved in this (bot) abuse continues to rise. It's at 6932 right now. It will be around 6945 by the time this message gets distributed by the mailing list.
- Ron