On Saturday, September 18, 2004 9:06 PM, Jeff Chan wrote:
The two strategies can be compatible in a somewhat kludgey way if we chose to not reduce the whole URI data, causing them to not match the domains extracted by SURBL code from messages found in the wild.
Yeah, that could possibly be an argument in the eval function... something like "check_uridnsbl('URIBL',1)" where the 1 does a match against the whole URI, but otherwise defaults to the URI reduction.
I'd still be interested to hear if you may be able to provide a version of the fraud data without sender domains or sender IPs.
In the case of the fraud list, I recall that all the data is from URIs, and doesn't contain any sender IP or reverse DNS info.
-- Jay Swackhamer jswack@nebularis.com Nebularis Inc http://www.nebularis.com MailPolice Spam&Virus Elimination http://www.mailpolice.com Tel: 1-613-843-9358 Fax: 1-613-825-5960