On Thursday, September 9, 2004, 2:00:25 PM, Raymond Dijkxhoorn wrote:
OK, this isn't the first time we've had this discussion, but Raymond and I felt this should be made public again. He ran thru some tests of 1500+ domains and found the following data. Looks like they maybe send from zombies, and never their hosts. IPs are similar across the board.
219.254.32.111 201.12.78.140 200.139.104.4 221.143.42.199 219.129.20.250
I can let it run over a somehow bigger collection, but these are the ones that keep adding domains daily, and i am sick and tired of adding those daily over and over. They keep comming up with new domains.
Bill also promosed to have a look, so we can at least auto include them inside SURBL, but any other way would be cool either.
Please do not include broad IPs in SURBLs. That goes against the way we have designed them. If I find this happening, I will take action to stop them. PLEASE DO NOT DO IT!!
I will be modifying the SC data engine, if I can ever free up some cycles, to look at the resolved IP addresses of incoming domains and list them much sooner (like immediately) if they resolve to commonly used IP addresses.
Jeff C.