On Thursday, November 18, 2004, 12:13:26 PM, Chris Santerre wrote:
About 15% of the spams I get are not in SURBL, but are by the time I try to add :)
Ask Terry Sullivan sometime what the theoretical maximum detection rate of a collective spam classification system might be. He had some research showing it maxes out at around 85%. So we're probably already pretty close to the theoretical limits of this type of system.
I have not done any study of domains that continue to try to spam despite being in SURBL. Any numbers on these? Possibly the most/longest hit domain in SURBL lookups??
SHould we post the top 25 lookups to SURBL?
You mean like:
http://www.surbl.org/dns-queries.blocklist.counts.txt
This sample of blocklist hits of SURBL list DNS queries ranked by number of hits?
Or the overall DNS queries:
http://www.surbl.org/dns-queries.counts.txt
including blocklist, whitelist, and unmatched hits, etc.
http://www.surbl.org/links.html
This way people can look at maybe denying these by IP at firewall?
If you're talking about sender IPs, zombies would defeat that. Or do you mean having the firewall parse the email messages and do a name resolution on the URI domains?
Jeff C. -- "If it appears in hams, then don't list it."