On Tue, Oct 11, 2005 at 10:01:29PM -0700, Jeff Chan wrote:
I do know that spammer domains - listed in SURBL and URIBL already - do tend to be found in headers likely to direct replies back to the spammer, and which may contain tracking devices also useful to the spammer (when inserted by compliant clients as References: or In-Reply-To: in the reply). I'm advocating rejecting these known spammy messages, which would otherwise be caught/tagged by SURBLs after delivery (and delivered or quarantined, after which it's in the hands of users to know whether or not to reply to ask to be removed), during the SMTP conversation, not after.
Sounds reasonable, even if it's not the original purpose of SURBLs.
What kinds of percentage of spam message header domains are showing up on SURBLs? I would imagine the hit rates might not be too high, so there may be a processing cost/benefit issue.
Well, I don't allow much spam into my network - I reject it all as best I can. For reliable numbers, you'd need to ask someone with a large spam corpus. But of the 25 spams I let in so far this month (which doesn't count 419 scams, most of which came in via hotmail) 8 of them would have been blockable using uribl/surbl lookups. I figure 32% is a good enough number to at least try the approach.
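A sketch of the check discussed in this thread, added as an illustration and not code from any poster: it pulls domains out of reply-directing and message-id headers and looks them up in SURBL/URIBL before the message is accepted. The header set, the two-label domain reduction, the reject text and the sample message are assumptions; the resolver is injectable so the logic can be exercised offline.

```python
import re
import socket
from email import message_from_string
from email.utils import getaddresses

# Assumed header set: the thread does not give an exact list.
ADDRESS_HEADERS = ("From", "Reply-To", "Sender")
MSGID_HEADERS = ("Message-ID", "References", "In-Reply-To")
ZONES = ("multi.surbl.org", "multi.uribl.com")

# Constructed sample headers (not from a real message).
SAMPLE = (
    "From: Offers <news@mail.spam-example.test>\n"
    "Reply-To: remove@spam-example.test\n"
    "Message-ID: <trk-8842@t.tracker-example.test>\n"
    "Subject: constructed sample\n\n"
)

def registered_domain(host):
    # Simplification: keep the last two labels. Real deployments also
    # need a two-level-TLD table (co.uk and similar) before querying.
    return ".".join(host.lower().strip(".").split(".")[-2:])

def header_domains(raw_headers):
    """Return the sorted, de-duplicated domains found in the headers."""
    msg = message_from_string(raw_headers)
    hosts = set()
    for name in ADDRESS_HEADERS:
        for _, addr in getaddresses(msg.get_all(name, [])):
            if "@" in addr:
                hosts.add(addr.rsplit("@", 1)[1])
    for name in MSGID_HEADERS:
        for value in msg.get_all(name, []):
            hosts.update(re.findall(r"<[^<>@\s]+@([^<>@\s]+)>", value))
    return sorted({registered_domain(h) for h in hosts if "." in h})

def dns_listed(qname):
    # A listing is an A record in 127.0.0.0/8. 127.0.0.1 is skipped on the
    # assumption that the lists use it to signal refused queries.
    try:
        addr = socket.gethostbyname(qname)
    except OSError:
        return False  # lookup failure: fail open, do not reject
    return addr.startswith("127.") and addr != "127.0.0.1"

def smtp_verdict(raw_headers, listed=dns_listed):
    """Return the SMTP reply to give after the headers have been received."""
    for domain in header_domains(raw_headers):
        for zone in ZONES:
            if listed(f"{domain}.{zone}"):
                return f"550 5.7.1 Header domain {domain} listed in {zone}"
    return "250 OK"
```

Calling smtp_verdict(SAMPLE) performs live DNS lookups; pass a stub as `listed` to test the extraction without network access.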