I've noticed that SURBL (and URIBL, who I will contact later) lists several domains that have appeared in spam header contents as well as in body contents. I'd like to use SURBL (probably multi) as an optional domains BL check against headers known to contain domains, such as the Message-ID, From, and Reply-To headers, a la:
Message-Id: 200510020442.j924gBkv021479@expoactive.net
From: ExpoActive advertising@expoactive.net
Reply-To: advertising@expoactive.net

From: "Steven McGuire" stevenmcguire@aaaaa2.com
List-Unsubscribe: mailto:leave-2005_1-6m_optin-10289508G@aaaaa2.com
Message-Id: LYRIS-10289508-169-2005.10.03-20.50.13--{vic#tim}@aaaaa2.com

From: "iMarketing Sales Leads" julieandrews@imailzone.info

Reply-To: "OAG" club@reachmail.net

From: TuneUp Software Newsletter newsletter@tune-up.com
Reply-To: newsletter4v2-reply@newsletter.tune-up.com

From: "Solutions" info@disklesspc.com
Reply-To: info@disklesspc.com

From: "Millionaires Concierge" info@millionaires-concierges1.com
Reply-To: info@millionaires-concierges1.com
As I've only received 23 spams not otherwise classifiable as worth blocking using other means (e.g., 419 scams which can be blocked by injection IP) this /month/, having successfully blocked all the rest, I'd really like to take advantage of the realtime nature of SURBLs.
I could see immediate results in the form of blocking literally 1/3 of the remaining spam I allow in here.
Comments? This would be an optional configuration for my enemieslist package, which I intend to have more widespread distribution eventually but which would not represent a crushing query load at present.
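A sketch of the header check proposed above, added here as an illustration and not part of the original post or of the enemieslist package. Assumptions: the function names are hypothetical, the sample message and its domains are constructed, the reduction to a registered domain is simplified to the last two labels, and any A-record answer in 127.0.0.0/8 is treated as a listing.

```python
import email
import re
import socket

ZONE = "multi.surbl.org"
HEADERS = ("Message-ID", "From", "Reply-To")
# Host part after an "@", as found in addresses and Message-IDs.
DOMAIN_RE = re.compile(r"@([A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)")

def registered_domain(host):
    # Simplification (assumption): keep the last two labels. A real check
    # needs a list of two-level TLDs so that e.g. co.uk names reduce correctly.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def header_domains(raw_message, headers=HEADERS):
    """Map each registered domain to the set of headers it appeared in."""
    msg = email.message_from_string(raw_message)
    found = {}
    for name in headers:
        for value in msg.get_all(name, []):
            for host in DOMAIN_RE.findall(value):
                found.setdefault(registered_domain(host), set()).add(name)
    return found

def dns_lookup(qname):
    """Resolve an A record; None means NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname(qname)
    except socket.gaierror:
        return None

def check_headers(raw_message, resolve=dns_lookup, zone=ZONE):
    """Return {domain: [headers]} for header domains the zone lists."""
    hits = {}
    for domain, where in header_domains(raw_message).items():
        answer = resolve(f"{domain}.{zone}")  # one query per unique domain
        if answer and answer.startswith("127."):
            hits[domain] = sorted(where)
    return hits

# Constructed sample message (not taken from the post).
SAMPLE = (
    "Message-Id: <200510020442.abc123@mx1.bulk-sender.example>\n"
    'From: "Offers" <promo@bulk-sender.example>\n'
    "Reply-To: reply@news.other-sender.example\n"
    "Subject: hello\n\nbody\n"
)

if __name__ == "__main__":
    # Stub resolver so the demo runs offline; drop it to query the real zone.
    fake = lambda q: "127.0.0.2" if q.startswith("bulk-sender.example.") else None
    print(check_headers(SAMPLE, resolve=fake))
```

Deduplicating to one query per registered domain per message keeps the query load low, which matters for the load concern raised in the post.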