On Monday, August 1, 2005, 11:35:13 AM, Catherine Hampton wrote:
I'm adding the IPs to SpamBouncer anyway; it isn't any more work to add them to SURBL. Since I expire them by default in a month, unless they still appear, and since Jeff is expiring anything he gets from me on the same schedule I do, nobody needs to go back and clean up the database -- in two years or any other time. So I don't see any disadvantage here, especially since a number of decent AVs still aren't listing phish URLs as viruses/dangerous content.
Actually I'm not expiring them, so it's good that you are.
<nod> As I understood it, you were going to expire anything I removed from the list.... Or are you just expiring anything that's more than a certain number of days/weeks/months old, and then just updating the list date based on when it last appears in my list of data? Either way should work fine....
Actually I'm just using your list. Whatever is in it gets added to ph.surbl.org. If it comes out of your list (and the other sources) then it's no longer on ph.surbl.org. There is no formal expiration procedure.
I should ask the other data sources to expire their data on their end also so that the list does not grow indefinitely with old data.
Based on a discussion with Paul, I think we shouldn't expire actual "Phish domains" very fast because, apparently, some phishers re-register these domains if they're deregistered by the registrar. In other words, some of them reappear. :/ My first thoughts on this are that, since these domains are generally typosquatted/deliberately similar to a legitimate domain owned by a phish target, or deliberately mimic elements in the URLs in a phish target's legitimate email, it's unlikely that keeping them listed will hit an innocent bystander. These domains don't seem to have any legitimate uses.
Agreed.
Consider expiring spam domains after 1 year perhaps, since spammers often don't renew them. Most spammers seem to only use a domain for a few weeks. The ones that get re-used just before the registrations expire may be somewhat unusual.
Jeff C. -- Don't harm innocent bystanders.