On Friday, October 22, 2004, 12:25:12 PM, Matthew Wilson wrote:
If I were a spammer monitoring this list's traffic (there have got to be some), I would buy up a bunch of domains that were registered a few years ago but expired, throw up a bunch of bogus "legitimate looking" content, send out a bunch of spam using those "legitimate" domain names, and then complain to Jeff et al. that SURBL is generating false positives. According to current policies, my sites would be whitelisted, "yay!".
We don't just look at the sites. We also look at the spams, other sites in the same domain, hams, inclusion in SBL, NANAS hits, DMOZ hits, etc.
Using expired domains won't help them because when they re-register it, the creation date gets reset. We look at registrar data, not historical records of (old) web sites.
It's my opinion that you have to draw the line somewhere because of this, and hosting entities who don't have compliant AUPs or enforce their AUPs with any speed need to be listed somehow.
I don't see legitimate ISPs who have reasonable AUPs as being a major problem. Sure they may get some abuse, but it's relatively minor and they shut it down eventually. These kinds of sites don't tend to be used by the people using zombies to send out millions of spams per day. They need something more reliable for their hosting, and that means custom domains at China Telecom, Hanaro, Brazil, etc.
Jeff C. -- "If it appears in hams, then don't list it."