On Sunday, March 13, 2005, 9:22:05 AM, Patrik Nilsson wrote:
At 05:29 2005-03-13 -0800, Jeff Chan wrote:
Hmm, perhaps if we could extract *all* URI domains from messages sent through XBLed senders, then prioritize those, say, by frequency of appearance, we could create a new SURBL list of spamvertised domains sent through exploited hosts. That would pretty directly address the use of zombies, etc. and put a penalty on using them to advertise sites through them. Even with volume weighting such a list of sites could be attacked by a major joe job unless we took additional countermeasures, but does anyone else think this might be a useful type of data source for SURBLs?
Might be interesting to contact the CBL people that provide most of the XBL data and see if they would be interested in setting something up that would parse out the URL domains directly in the scripts already running on the CBL spamtraps.
There would still be a need for further processing to eliminate FPs of course, but a feed at the source level would mean a substantial reduction in the time to listing as well as a larger data set.
Patrik
Excellent suggestion! Does anyone have contacts at CBL?
Jeff C. -- "If it appears in hams, then don't list it."
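
The pipeline proposed in this thread, sketched as an added example (not code from SURBL, CBL or the posters): keep only messages from XBL-listed senders, extract their URI domains, drop anything seen in ham, and rank the rest by frequency. The sender IP is assumed to be supplied by the trap, the XBL and ham data are stand-in local sets, and all sample values are constructed.

```python
import re
from collections import Counter

# Constructed stand-ins: a real feed would query the XBL and a ham corpus.
XBL_LISTED = {"192.0.2.10", "192.0.2.77"}
HAM_DOMAINS = {"example.org"}          # "If it appears in hams, then don't list it."
TWO_LEVEL_TLDS = {"co.uk", "com.au"}   # simplified; assumption, not a full suffix list

URI_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def registered_domain(host):
    """Reduce a URI host to the domain a list would carry (IPs are kept whole)."""
    host = host.lower().strip(".")
    if re.fullmatch(r"[0-9.]+", host):
        return host
    labels = host.split(".")
    n = 3 if ".".join(labels[-2:]) in TWO_LEVEL_TLDS else 2
    return ".".join(labels[-n:])

def uri_domains(body):
    """Distinct URI domains in one message body."""
    return {registered_domain(h) for h in URI_RE.findall(body)}

def rank_candidates(messages, xbl=XBL_LISTED, ham=HAM_DOMAINS):
    """messages: iterable of (sender_ip, body). Returns [(domain, message_count)]
    for domains advertised through XBL-listed senders, most frequent first."""
    hits = Counter()
    for sender_ip, body in messages:
        if sender_ip not in xbl:
            continue                    # only mail relayed by exploited hosts counts
        for domain in uri_domains(body) - ham:
            hits[domain] += 1           # one vote per message, not per URI
    return hits.most_common()

# Constructed sample trap hits: (connecting IP, message body)
SAMPLE = [
    ("192.0.2.10", "Cheap pills http://www.pills-example.test/buy http://example.org/"),
    ("192.0.2.77", "http://shop.pills-example.test/ and http://pills-example.test/x"),
    ("192.0.2.77", "Watches at http://replica.example.co.uk/"),
    ("198.51.100.5", "Newsletter http://news.unlisted-example.test/"),
]

if __name__ == "__main__":
    for domain, count in rank_candidates(SAMPLE):
        print(count, domain)
```

The output is a candidate list only; as noted in the thread, it still needs further processing to eliminate FPs and to resist joe jobs before anything is listed.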