William Stearns wrote:
The approach made sense to me as well. http://www.stearns.org/sa-blacklist/spamip.current.txt is the report created from the A record harvesting. I'd be glad to provide the raw data collected over the past 5 months. I also have SOA and whois data for the entire sa-blacklist.
William,
I'd be interested in seeing this. I've got a stupid spammer who has like a million domains, all resolving to one NS and of course there is no mailserver running there. Actually now looks like he has 2 IPs for MX 218.106.116.147 and 218.106.114.212 the bastard is driving me nuts!
I have a script I run that attempts to discard his domain mail, but doesn't really work that great and I never have a lot of time to tweak it. Be that as it may, he is one of the big reasons I am now working with you all on SURBL.
Funny thing is that he is just hitting a highly moderated list and nothing is happening to his mail but getting filtered to the bit bucket.
I still need to install the plugin for the SURBL into spamassassin. I'll try to get it done maybe today. I work graveyards so I do sleep during the day.
Thanks,
-Doc