On Thursday, March 10, 2005, 9:47:23 PM, Rakesh Rakesh wrote:
ok, here is a list of 447 domains, that I have compiled from the 1500 mails that hit my spamtrap id, were detected as spam and confirmed by humans to be spam. Actually I had got 587 domains and tried to resolve them against multi.surbl.org. And these 447 were not listed.
Thanks for these. Note that SURBLs try to reduce URIs down to base domains (as they would be registered), so:
afoc2091185zj.fightrxbillz.com -> fightrxbillz.com military.com.appetizinggood.com -> appetizinggood.com
Doing that, sorting, etc. reduces the 447 to 284. Of those 284, 186 are already listed in multi.surbl.org, and 4 are whitelisted, which leaves 94:
aadbfbe.org acpvgcrh.com aizozwayb.com amdwdthjcy.net arysqg.com asgzxhhvld.com auyfcw.au bkwrcegzc.dk bnekw.net [...]
However of those 94, 92 appear to not resolve any NS records which means they're either not registered, had their registrations expire, revoked, etc. So they're not too useful for spammers. They could appear in spams, but any web sites referenced by them would not resolve. The remaining 2 are:
kuhat.com netmechanic.com
Both of which may have legitimate uses or owners, so they probably should not be listed. Neither domain has any common RBL or SBL listings. netmechaic has 21 NANAS but they look incidental. kuhat has no NANAS. (Can anyone here read Suomi? If so can you check out the kuhat.com site?)
domain: kuhat.com status: lock organization: Uintiseura Kuhat owner: Teppo Lehtinen email: teppo.lehtinen@kuhat.com address: Klaavuntie 10 M 111 city: Helsinki postal-code: 00910 country: FI admin-c: teppo.lehtinen@kuhat.com#0 tech-c: hostmaster@nebula.fi#0 billing-c: hostmaster@nebula.fi#0 reseller-1: ------------------------------------------------- reseller-2: Nebula Oy - Web-hotellipalvelut, konesalipalvelut reseller-3: ja internet-yhteydet. http://www.nebula.fi/ reseller-4: ------------------------------------------------- nserver: dns1.nebula.fi nserver: dns2.nebula.fi registrar: JORE-1 created: 2002-11-13 17:01:51 UTC JORE-1 modified: 2004-09-29 06:40:07 UTC JORE-1 expires: 2005-11-13 11:01:35 UTC source: joker.com
Keynote Systems (NXHIWSSUVD) 777 Mariners Island Blvd San Mateo, CA 94404 US
Domain Name: NETMECHANIC.COM
Administrative Contact: Keynote Systems (22205655O) NICADMIN@KEYNOTE.COM 777 Mariners Island Blvd San Mateo, CA 94404 US 650-403-2400 fax: 999 999 9999
Record expires on 13-Oct-2010. Record created on 15-Mar-2004. Database last updated on 11-Mar-2005 02:21:44 EST.
Domain servers in listed order:
NS01.KEYNOTE.COM 65.198.48.128 NS02.KEYNOTE.COM 65.198.48.160 NS03.KEYNOTE.COM 65.198.48.161 NS04.KEYNOTE.COM 63.94.64.66
So it appears that if you're using multi.surbl.org in your spam filters then it should be catching almost all of the ones you reported which are actually usable by spammers. Are they getting through? Are you hopefully using multi instead of sc alone?
Hope this helps,
Jeff C. -- "If it appears in hams, then don't list it."