On Monday, April 12, 2004, 8:59:21 AM, Burnie Burnie wrote:
Paul Barbeau Paul@hypernet.ca wrote:
There still might be a place for BigEvil in this new world of SURBL. I find there are a number of domain in BigEvil (and my own MidEvil) that are not yet in the spam cop and therefore not in this service. Because of this there might still be a place for this type of list as you could call it more cutting edge.
Another issue to SURBL vs BigEvil:
If the spammer uses redirectors for urls, AFAIK only BigEvil will match those. SURBL will only check the hostname of the redirector. I.e. http://drs.yahoo.com/covey/parr/*http://spammer.address/
Perhaps this (and tinyurl, etc.) is an issue to be discussed?
Here's a finer point to add the discussion. SpamCop itself does seem to disambiguate (most of) the redirection. If someone is using a redirector to send traffic to spamdomain.com, SpamCop seems to detect and resolve if correctly to spamdomain.com most of the time. So the data that's used as input to sc.surbl.org already has redirectors correctly handled to some extent.
The SA code using sc.surbl.org such as SpamCopURI and urirhdbl may or may not be as capable of detecting and resolving the redirections. I can't really say for sure because I have not reviewed that code. My focus is on more the data side of things. Certainly it would be useful of the code handling messages coming in from the wild were able to resolve redirections fully, but I'm not sure that's currently the case.
This is why we do these projects openly: so other people can add fixes, improve install scripts, add new features, etc.
BTW: Currently my stats show that of all recognized spam during the last ~85 hours (- 12919 spam)
- 62.3% is in "sc.surbl.org"
- 76.3% is in "sbl-xbl.spamhaus.org" (127.0.0.2)
- 82.3% is in either/both of those
- 2.4% were put "over the edge" because of those rules
The last percentage is a bit low due to running bigevil, sa-blacklist.uri and quite a bunch of other rules.
Thanks for sharing the stats! I hope to be able to increase the spam detection rates significantly for sc.surbl.org when I get back to coding.... ;-)
Jeff C.
-
Jeff Chan