-----Original Message----- From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Tuesday, September 07, 2004 9:38 PM To: SURBL Discussion list Subject: Re: [SURBL-Discuss] Re: Need help checking FP list from Theo
On Tuesday, September 7, 2004, 6:16:36 PM, Jeff Chan wrote:
On Tuesday, September 7, 2004, 5:40:47 PM, Joe Wein wrote:
Chris Santerre wrote:
Domain List matching contacts_email of hostmaster@1and1.com
* 1: 1-asian-sex.com * 2: 1and1.com
...
* 48: uptimesoftware.com * 49: wonderfulldeals.com
I think you're missing the point, Chris. The domain
1and1.com is unlikely to
be listed in spam, let alone *only* listed in spam.
Furthermore, of the
domains you list I had a hard time finding one that was
both active and
SURBL-listed.
I hope Chris was showing us some other domains with similar registration information. That said, *registrar* information isn't to useful except in the case of mostly blackhat registrars.
I should add, this kind of data is only useful in proving a blackhat registrar if we also know how many other domains they have registered.
If a registrar has 100 spam domains but 100,000 legitimate ones they're probably not a blackhat registrar. If another registrar has 100 spam domains but 20 legitimate ones, they're likely a blackhat. Domains belonging to the second registrar could be "scored" as more likely spammy by some yet to be written (or revealed) software. However that only works if you can see the other 100,000 and the 20, which normally you can't.
In other words not enough information may be visible to draw reliable conclusions about the badness of a given registrar. On the other hand some general information about the number of domains some large registrar holds is available at registration statistics sites like:
http://www.whois.sc/internet-statistics/registrar-stats-2003.html
Jeff and Joe, This is exactly why I posted this info! For info purposes. I don't know a german web hoster from a hole in the wall! (Thats a crazy american saying for I don't know jack about them!) But I do have access to similar registrar info. And quite a lot more then what I posted.
It is my hope that one day I can make it privately availible to SURBL guys. But right now I can't. Look at Jeff's comment:
"
Domain List matching cluster of russ-effrig
* 1: 007inkjets.com * 2: 00inkjets.com * 3: 111inkjets.com * 4: 123cartridges.com * 5: 123inkjets.com
[...]
That's interesting, but I think it misses the point:"
NO it doesn't! The point was..... its interesting!! :) 123inkjets has been linked to a ton of other spam domains. The fact that they have customers makes it legit???? SO anyone who falls for these spams and buys something, makes it legit? Think about that. Where do you draw the line?
All spams will have some suckers. All spams will therefore have customers. All spams will have SOMEONE report it is legit. This shall forever now be known as the Santerre Theory of Spam Legitamicy. :)
I fully intend to be the Ying to Jeff's Yang. *giggle*
SO we gather a few things from the info I posted, and added to by what you guys know. 1and1 is ok to whitelist. But 123inkjets is a more difficult domain. For me I say leave them listed.
Sometimes legit companies spam. If they feel little pain, they will do it again.
I hate FPs as much as Jeff.
--Chris