On Tuesday, October 11, 2005, 10:42:28 AM, Steven Champeon wrote:
I've noticed that SURBL (and URIBL, who I will contact later) lists several domains that have appeared in spam header contents as well as in body contents. I'd like to use SURBL (probably multi) as an optional domains BL check against headers known to contain domains, such as the Message-ID, From, and Reply-To headers, a la
Message-Id: 200510020442.j924gBkv021479@expoactive.net
From: ExpoActive advertising@expoactive.net
Reply-To: advertising@expoactive.net
Are these spams being sent from zombies? If not, then we possibly should not be listing them. If they're sending from their own mailservers then it's vastly more efficient to just block their IPs at a low level, i.e., regular (local or global) RBL.
Regarding using SURBLs on headers, I guess I'd view that as mission creep and somewhat away from our original focus of URI domains.
Do any spam gangs put the URI domain on their headers when they use zombies? Seems to me they tend to forge everything except the URI.
Jeff C.
--
Don't harm innocent bystanders.
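The header check proposed in the quoted message, sketched as an added example (not code from the thread or from SURBL). The zone name multi.surbl.org, the function names, the injectable resolver and the two-label domain reduction are assumptions made for illustration; the sample headers are constructed from the ones quoted above.

```python
import email
import socket
from email.utils import getaddresses

ZONE = "multi.surbl.org"   # assumed zone for the "multi" list named in the thread
HEADERS = ("Message-ID", "From", "Reply-To")

# Constructed sample, modelled on the headers quoted in the thread.
SAMPLE = (
    "Message-Id: <200510020442.j924gBkv021479@expoactive.net>\n"
    "From: ExpoActive <advertising@expoactive.net>\n"
    "Reply-To: advertising@expoactive.net\n"
    "\n"
    "body\n"
)

def registered_domain(host):
    # Simplification (assumption): keep the last two labels. A production
    # check would reduce the host with a public-suffix list instead.
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def header_domains(raw):
    """Collect the domains that appear in Message-ID, From and Reply-To."""
    msg = email.message_from_string(raw)
    found = set()
    for name in HEADERS:
        for value in msg.get_all(name, []):
            if name == "Message-ID":
                addrs = [value.strip().strip("<>")]
            else:
                addrs = [addr for _, addr in getaddresses([value])]
            for addr in addrs:
                _, sep, host = addr.rpartition("@")
                if sep and host:
                    found.add(registered_domain(host))
    return found

def dns_lookup(name):
    """Default resolver: A record as a string, or None when not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_headers(raw, resolve=dns_lookup):
    """Map each listed header domain to the A record the list returned."""
    hits = {}
    for domain in sorted(header_domains(raw)):
        answer = resolve(f"{domain}.{ZONE}")
        # Assumption: any 127.0.0.x answer is treated as "listed".
        if answer and answer.startswith("127.0.0."):
            hits[domain] = answer
    return hits
```

Passing a stub as `resolve` keeps the check testable offline; a mail filter would score a hit rather than reject outright, since header domains are easily forged.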