[Update, Chris wrote off list that he's put up a quick be.htm page to be prettified later.]
On Wednesday, April 21, 2004, 7:36:08 AM, Chris Santerre wrote:
Sounds good. Can you let me know what kind of TTL I should set?
Well I am now trying to update at least every other day. This way I won't fall behind. But I'm now getting every day. I always test overnight, because too many people rely on the list now. I usually post before noon EST.
OK sounds like an 8 or 12 hour TTL is appropriate then; setting to 8 now.
Any idea how often Paul updates MidEvil?
Basically I'd like to set the lifetime of the zone info to something relevant towards how often you and Paul usually update the lists. Nothing too specific is needed, just a general idea. Like is it daily, twice a day, every other day on average, etc.
Also does this TXT record work for you guys:
"Blocked in BigEvil. See: http://www.rulesemporium.com/"
It was just a generic placeholder. I'd like comments/improvements on it.
How about www.rulesemporium.com/be.htm ? I can make a page just for that error? Otherwise it is fine.
Done. Please set up a page when you get a chance... :-)
- BigEvil wildcards. Not sure how you would handle these.
Something like
evil\d{2,4}spam.com is a general wildcard. Some of those
domains don't even
exhist. Not sure how SURBL will handle that.
Yes, I should have mentioned that I'm simply discarding them. Unfortunately there's no easy way to deal with them. Domains without any patterns in them, which are a majority, come right through. The script is at:
Can we make sure that when you announce this to the public that they know this! :) I can see the flurry of emails now.
Definitely will mention the differences in the announcement and web site!
- What is the quickest way to check a domain against the
other SURBL lists?
Basically I see no reason to duplicate the listings. *gulp* and on a Windowze machine? (Don't ask!)
I wouldn't worry too much about that for now. For now we just want to get an accurate record of everything. We're working on ways to merge things next.
Well ok, but I still want to look others up if I have a domain in question :) Will there be a quick web page to look up a domain? Or do I do an NSLOOKUP using the SURBL?
You can find the domains currently going into the SURBL lists at:
sc: http://spamcheck.freeapp.net/top-sites-domains
ws: http://spamcheck.freeapp.net/sa-blacklist.current.domains.afterwhitelist
be: http://spamcheck.freeapp.net/bigevil.domains.afterwhitelist
But frankly I like the fact that there is some overlap in the lists. In a sense that represents multiple reporting; i.e. a domain in more than one list is more likely a bad guy. I don't think we should lose that coding.
YMMV, but I'd say keep any overlap in BE. It's a feature not a bug.
- Has there been any talk with the sendmail people? It
would be interesting
to actually block at the MTA level based on an evil URL. I
realise the
inherent dangers in this ;)
Yes, there is talk about sendmail milters using SURBLs. I haven't heard of anyone doing one yet, but they're feasible. The limiting factor is the FP rate. FPs must be as close to zero as possible before people will dare to reject spams at the MTA level using SURBLs, other than perhaps for personal servers, etc.
Dangerous, but so very fun!
Hehe! ;-) Messing with spammers is always fun!
Jeff C.