Hi Ryan, thanks for the submissions. I'm about to give them a quick going thru. The best place to ask these questions is right on the SURBL list discuss@lists.surbl.org
I'm cc'ing this to the list. The more eyes on it the better. Redirects are handled differently. Post them to discussion list and they get added to a redirect list.
The rule of thumb is like cooking: "When in doubt, throw it out."
We would much rather not list a spammer, then list a shammer. Unless we decide together that the shammer is 95% spam with 1 legit customer. Then we might list them and inform the legit customer.
Sometimes we don't all agree. Like political spam. Thats were we have some real fun ;)
--Chris
-----Original Message----- From: Ryan Thompson [mailto:ryan@sasknow.com] Sent: Saturday, July 10, 2004 4:41 PM To: Chris Santerre Subject: First submission questions
Hi Chris,
I just submitted a "short list" of 87 domains to chris+rthompson@moglobal.com, as kind of a proof-of-concept. I did take quite a bit of care in the classification of these domains, so *I'm* confident about them, but there are a few grey areas that I wasn't sure if you'd agree with. Can you offer a bit of advice?
Some I wasn't sure about are below. Also, if there's a person or list that would be better equipped to advise on this kind of thing, please let me know. I want to quickly become more help than burden, obviously. :-) I'll be quieter once I better understand your inclusion system.
Spam username hosts, but possibly also legit sites? I can't read Taiwanese, nor do I really want to. In any case, these are probably safe for inclusion in English block lists. twfc.org.tw Hosts spammers club.net.tw Random hostname spammers f2m.idv.tw Seems to process email forms for spammers apol.com.tw mail.apol.com.tw seems to host /~spammers/ pchome.com.tw Multiple NANAS mentions netking.com.tw Multiple NANAS mentions
Image hosts: vendio.com eBay spammers image host; multiple NANAS hinet.net has been mentioned before; they are rather notorious
Obfuscated/invalid/mistyped URIs that get_uri_list picked up on: interfun_lacing.jpg Local image URL internet.e-mail Fake URL seen in spam dnatzweirq2.ru Obfu for dazer2.ru new_page_2.files Weird fake URL wwwacronmedia.biz Mistyped spammer URL
Iffy redirects: tadpole.com Funny redirect destination in software spam? 61.218.32.78 Redirector; down now? tadpolecomputer.com Funny redirect destination in software spam?
- Ryan
-- Ryan Thompson ryan@sasknow.com
SaskNow Technologies - http://www.sasknow.com 901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
Chris Santerre wrote to 'Ryan Thompson':
Hi Ryan, thanks for the submissions.
You're welcome! Thanks for the feedback.
I'm about to give them a quick going thru. The best place to ask these questions is right on the SURBL list discuss@lists.surbl.org
I'm cc'ing this to the list. The more eyes on it the better. Redirects are handled differently. Post them to discussion list and they get added to a redirect list.
OK.
The rule of thumb is like cooking: "When in doubt, throw it out."
:-) Agreed 100%. This first run was mostly a test drive, so I decided to leave the baby in with the bathwater to get a better feel for the preferred threshold.
We would much rather not list a spammer, then list a shammer. Unless we decide together that the shammer is 95% spam with 1 legit customer. Then we might list them and inform the legit customer.
Yes. These are probably the hardest (or at least most time consuming) to identify. Especially for those of us who aren't fluent in Taiwanese. :-) With the program that I wrote, finding the URIs and their relevance to the spam is easy. Figuring out what *else* the sites might be used for, however, is not trivial.
Then again, it's probably much quicker and nearly as effective to just catch the 95% of really obnoxious ones. :-)
Sometimes we don't all agree. Like political spam. Thats were we have some real fun ;)
Some of the politicians in Canada are just as much fun. :-)
- Ryan
On Monday, July 12, 2004, 6:14:59 AM, Chris Santerre wrote:
Hi Ryan, thanks for the submissions. I'm about to give them a quick going thru. The best place to ask these questions is right on the SURBL list discuss@lists.surbl.org
I'm cc'ing this to the list. The more eyes on it the better. Redirects are handled differently. Post them to discussion list and they get added to a redirect list.
The rule of thumb is like cooking: "When in doubt, throw it out."
We would much rather not list a spammer, then list a shammer. Unless we decide together that the shammer is 95% spam with 1 legit customer. Then we might list them and inform the legit customer.
Sometimes we don't all agree. Like political spam. Thats were we have some real fun ;)
--Chris
-----Original Message----- From: Ryan Thompson [mailto:ryan@sasknow.com] Sent: Saturday, July 10, 2004 4:41 PM To: Chris Santerre Subject: First submission questions
I just submitted a "short list" of 87 domains to chris+rthompson@moglobal.com, as kind of a proof-of-concept. I did take quite a bit of care in the classification of these domains, so *I'm* confident about them, but there are a few grey areas that I wasn't sure if you'd agree with. Can you offer a bit of advice?
Some I wasn't sure about are below. Also, if there's a person or list that would be better equipped to advise on this kind of thing, please let me know. I want to quickly become more help than burden, obviously. :-) I'll be quieter once I better understand your inclusion system.
Spam username hosts, but possibly also legit sites? I can't read Taiwanese, nor do I really want to. In any case, these are probably safe for inclusion in English block lists. twfc.org.tw Hosts spammers club.net.tw Random hostname spammers f2m.idv.tw Seems to process email forms for spammers apol.com.tw mail.apol.com.tw seems to host /~spammers/ pchome.com.tw Multiple NANAS mentions netking.com.tw Multiple NANAS mentions
Image hosts: vendio.com eBay spammers image host; multiple NANAS hinet.net has been mentioned before; they are rather notorious
Obfuscated/invalid/mistyped URIs that get_uri_list picked up on: interfun_lacing.jpg Local image URL internet.e-mail Fake URL seen in spam dnatzweirq2.ru Obfu for dazer2.ru new_page_2.files Weird fake URL wwwacronmedia.biz Mistyped spammer URL
Iffy redirects: tadpole.com Funny redirect destination in software spam? 61.218.32.78 Redirector; down now? tadpolecomputer.com Funny redirect destination in software spam?
Unless a given domain is a hard core professional criminal spammer, often it should not be listed. Any site that has some legitimate users/uses should probably not be listed.
We want to go after the domains of the most aggressive and abusive spammers while not listing domains that may have some legitimate use since that could cause false positives. So even partially legitimate domains should probably not be listed.
Jeff C.