On Sunday, September 26, 2004, 2:16:45 AM, Alex Broens wrote:
If a spammy looking msg comes thru an exploited system IMO it would qualify even more to be a SURBL inclusion as a genuine "marketer" would not be expected to use exploited machines, right?
That's definitely true, and one of the things I usually look for in SURBL listing candidates. (I thought you were referring to checking URI domains against XBL, which probably would not catch much.)
XBL is an excellent list of spam senders, by far the biggest catcher of spam senders in my regular RBLs, so it probably would be good as a header check for GetURI also. Ryan can we make this a feature request?
As we mentioned earlier, zombies are a major reason for SURBLs to exist. If someone uses fixed mail senders, those are easily blocked using regular RBLs. SURBLs are a largely a response to zombies, since without consistent mail senders to look for, content, specifically spam advertised web sites was the next logical thing, IMO.
Jeff C. -- "If it appears in hams, then don't list it."