On Saturday, September 18, 2004, 10:35:35 PM, Jay Swackhamer wrote:
On Saturday, September 18, 2004 9:06 PM, Jeff Chan wrote:
The two strategies can be compatible in a somewhat kludgey way if we chose to not reduce the whole URI data, causing them to not match the domains extracted by SURBL code from messages found in the wild.
Yeah, that could possibly be an argument in the eval function... something like "check_uridnsbl('URIBL',1)" where the 1 does a match against the whole URI, but otherwise defaults to the URI reduction.
That would allow the function to use both types of data. Getting them mixed up could create problems though.
I'd still be interested to hear if you may be able to provide a version of the fraud data without sender domains or sender IPs.
In the case of the fraud list, I recall that all the data is from URIs, and doesn't contain any sender IP or reverse DNS info.
That sounds right, looking at the data.
Jeff C.
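The mix-up risk discussed in this thread, as an added example that is not part of the original messages or of SpamAssassin/SURBL code: a lookup key built one way will not match list data stored the other way. The function names, the `whole` flag, the tiny two-level suffix set, and the sample lists are all constructed for illustration, and "whole URI" is assumed here to mean the URI's full hostname.

```python
from urllib.parse import urlsplit

# Constructed subset of two-level suffixes (assumption); a real deployment
# would load a complete list rather than hard-code three entries.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "com.br"}

def uri_host(uri):
    """Return the lower-cased hostname of a URI, without a trailing dot."""
    host = urlsplit(uri).hostname
    if not host:
        raise ValueError("no hostname in URI: %r" % uri)
    return host.rstrip(".")

def reduce_host(host):
    """Reduce a hostname to its registered domain (2 or 3 labels)."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def lookup_key(uri, whole=False):
    """Key to query the list with: full hostname if whole, else reduced."""
    host = uri_host(uri)
    return host if whole else reduce_host(host)

def is_listed(uri, zone, whole=False):
    """zone is an in-memory stand-in for a DNS list, so this runs offline."""
    return lookup_key(uri, whole) in zone

# Constructed sample data: the same entries stored reduced and unreduced.
REDUCED_LIST = {"example.com", "example.co.uk"}
UNREDUCED_LIST = {"www.example.com", "login.example.co.uk"}
SAMPLE_URI = "http://login.example.co.uk/verify?id=1"

if __name__ == "__main__":
    for name, zone in (("reduced", REDUCED_LIST), ("unreduced", UNREDUCED_LIST)):
        for whole in (False, True):
            print(name, "list, whole =", whole, "->",
                  is_listed(SAMPLE_URI, zone, whole))
```

Only the two matching pairings hit: a reduced key against the reduced list, and a whole-host key against the unreduced list. The crossed pairings miss silently, which is why the caller has to know which kind of data each list holds.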