On Wednesday, August 9, 2006, 3:20:58 PM, Eric Montréal wrote:
On 09/08/06, Eric Montréal erv@mailpeers.net wrote:
also, since most legitimate mailing lists are to recipients in close geographic proximity,
Major lists whose distribution is to as many different servers as a spam run have little chance to be sent from a domain listed in surbl.
When was the last time Microsoft got listed in surbl ?
Smaller lists might end up being sent from a false positive domain and the idea is that surbl test pattern (queries/minutes, burst/continuous, historical comparisons, geolocation and perhaps other metrics) should allow to differentiate between such a list and a spam run.
An antispam service such as surbl does have a far more complete picture on a global scale than anyone operating some mail servers. The access pattern such a service will see is mirroring major spam runs, and this could be exploited. That was the basic idea.
It's an interesting idea. Does anyone have any research or references about the geographic distribution of spam versus ham? Presumably it's been studied.
Surely there is some ham that's sent pretty much without regard to geographic boundaries. After all, the Internet does include some global interests (other than pills, warez, mortgages, etc.).
Jeff C. -- Don't harm innocent bystanders.