On Tuesday, September 7, 2004, 8:50:50 AM, Chris Santerre wrote:
OK, you asked for it ;)
Some of this info will give you a 'feel' for how the hosts operate.
Theo got us a list of 112 new false positives from across all SURBLs. He showed me the source messages which are almost all subscribed newsletters and mailing list messages, so they seem quite hammy.
Given the type of source messages and some spot checking, I'm inclined to whitelist them all, but I'd like to ask for some help checking them first. Can anyone help check these?
123inkjets.com
Oh, these guys are on my personal poop list!
http://groups.google.com/groups?q=123inkjets.com+abuse&hl=en&lr=&... =G&scoring=d
Domain List matching cluster of russ-effrig
* 1: 007inkjets.com
* 2: 00inkjets.com
* 3: 111inkjets.com
* 4: 123cartridges.com
* 5: 123inkjets.com
[...]
That's interesting, but I think it misses the point:
A. The question is not what domains has anyone ever seen in a spam.
B. The question is what domains has anyone ever seen in a ham.
If domains get mentioned in legitimate messages, we don't want to block them, right? That's the definition of a false positive. (That of course is assuming that people are smart enough to not process spam meta-discussion with anti-spam tools.)
A. In other words, we're not trying to catch every domain that's ever been mentioned in a spam.
B. We're trying to catch domains that are ***only*** mentioned in spams.
Anything else potentially causes false positives.
As I mentioned earlier this is a different paradigm than many people are used to. It may require some shifting of attitudes when dealing with these. I hope people are able to do that.
Jeff C.