Hello Jeff,
Saturday, May 28, 2005, 12:39:12 AM, you wrote: JC> On Friday, May 27, 2005, 4:13:22 PM, Robert Menschel wrote:
Friday, May 27, 2005, 1:06:46 AM, you wrote:
JC>>> On Thursday, May 26, 2005, 5:58:02 PM, Robert Menschel wrote: JC>>>>> 2. Would they be appropriate to whitelist (i.e. exclude from JC>>>>> listing) in SURBLs?
Unlikely, since the web sites mentioned in the emails are rarely the same as the From address or routing server. However, the primary web sites within those emails might be good candidates for the SURBL whitelist.
JC>>> Fair enough. You don't happen to have a list of those JC>>> corresponding websites do you? :-)
Not readily handy, but if you can find me a few extra hours :-), I can scan my corpus and put together a partial list.
JC> No rush, but if you can get them sometime that would be great! JC> :-)
At the rate things are going, I'll never have the time needed to do a full list. So maybe I can work through whitelist.cf line by line, and send you a couple at a time, on occasion...
whitelist_from_rcvd *@ashkenaz.com roving.com Ashkenaz Music & Dance Community Center In addition to http://ashkenaz.com, their emails have links to http://ui.constantcontact.com ConstantContact is occasionally abused, but is used by a lot of ham newsletters, so probably should be whitelisted if not already.
whitelist_from_rcvd calmt@calmt.pmail.biz amsnet.com California Musical Theatre (Sacramento) http://calmt.pmail.biz
whitelist_from_rcvd *@centurytheatres.com centurytheatres.com Century Theatres http://www.centurytheatres.com and http://www.fandango.com
It's a start...
Bob Menschel
On Thursday, June 2, 2005, 7:40:38 PM, sare sare wrote:
whitelist_from_rcvd *@ashkenaz.com roving.com Ashkenaz Music & Dance Community Center In addition to http://ashkenaz.com, their emails have links to http://ui.constantcontact.com ConstantContact is occasionally abused, but is used by a lot of ham newsletters, so probably should be whitelisted if not already.
whitelist_from_rcvd calmt@calmt.pmail.biz amsnet.com California Musical Theatre (Sacramento) http://calmt.pmail.biz
whitelist_from_rcvd *@centurytheatres.com centurytheatres.com Century Theatres http://www.centurytheatres.com and http://www.fandango.com
Thanks Bob. constantcontact.com and pmail.biz were already whitelisted. I've also whitelisted:
ashkenaz.com calmt.pmail.biz centurytheatres.com fandango.com
Jeff C.
Hello Jeff,
Three more whitelist.cf entries:
whitelist_from_rcvd ACLUOnline@aclu.org convio.net ACLU Online newsletter http://www.aclu.orf https://secure.aclu.org recent references include http://www.cbsnews.com http://www.pbs.org http://fairlaws4families.org http://www.palmbeachpost.com http://www.nytimes.com http://www.washtimes.com http://www.miami.com http://www.zilo.com http://www.workingassets.com http://www.lincolncenter.org http://www.sltrib.com http://www.washingtonpost.com
whitelist_from_rcvd *@afda.org buzzcast.com Assoc Of Fed Defense Attys (AFDA) http://www.afda.org http://www.infopop.com http://www.buzzcast.com
whitelist_from_rcvd nde-news@nde-news.org m2.net National Dialogue on Entrepreneurship http://www.publicforuminstitute.org recent references include http://www.judiciary.house.gov http://www.mitenterpriseforum.org http://www.socialfunds.org http://www.sba.gov http://www.enterprisenation.com http://www.economy.com http://www.nvca.org http://www.lums.lancs.ac.uk http://www.fhlbdm.com http://www.nap.edu http://www.aipla.org http://www.ftc.gov http://www.asce.org http://commerce.wi.gov http://www.icic.org http://www.ontariocanada.com http://strategis.ic.gc.ca http://wwwc.house.gov http://www.microenterpriseworks.org http://www.inc.com http://covertheuninsuredweek.org
Bob Menschel
On Friday, June 3, 2005, 8:25:02 PM, Robert Menschel wrote:
Hello Jeff,
Three more whitelist.cf entries:
whitelist_from_rcvd ACLUOnline@aclu.org convio.net ACLU Online newsletter http://www.aclu.orf https://secure.aclu.org
[...]
Hi Bob, Thanks for those. 11 of the 37 or so were already whitelisted. All seem to have legitimate, non-spam uses so I'm whitelisting them.
None seem particularly spammy. There are a few NANAS mentions, but no SBL listings, and like most people I've heard of most of them. The ones I hadn't heard of I took a look at, and none seem like blackhats.
Cheers,
Jeff C.
Hello Jeff,
Saturday, June 4, 2005, 12:48:12 AM, you wrote:
JC> On Friday, June 3, 2005, 8:25:02 PM, Robert Menschel wrote:
Hello Jeff,
Three more whitelist.cf entries:
whitelist_from_rcvd *@nyu.edu nyu.edu School/University http://alumni.nyu.edu http://www.nyu.edu referenced: www.wnyu.org
whitelist_from_rcvd allstate@allstate.rsc01.com rgc3.net Allstate Insurance (payment confirmations) https://allstate1.rsc01.net http://www.allstate.com
whitelist_from_rcvd *@CardMemberServices.com bankone.net Bank One www.CardMemberServices.com http://cardservices.firstusa.com http://www.bankone.com https://online.firstusa.com
whitelist_from_rcvd *@capitalone.bfi0.com bigfootinteractive.com Capital One http://capitalone.bfi0.com
whitelist_from_rcvd *@*.chase.com bigfootinteractive.com Chase Bank http://email.chase.com http://www.chase.com www.BankOne.com http://chasehf.bfi0.com
On Saturday, June 4, 2005, 6:09:07 PM, Robert Menschel wrote:
Hello Jeff,
Saturday, June 4, 2005, 12:48:12 AM, you wrote:
JC>> On Friday, June 3, 2005, 8:25:02 PM, Robert Menschel wrote:
Hello Jeff,
Three more whitelist.cf entries:
whitelist_from_rcvd *@nyu.edu nyu.edu School/University http://alumni.nyu.edu http://www.nyu.edu referenced: www.wnyu.org
[...]
Hi Bob, Thanks for those. Of those the following were already whitelisted:
allstate.com bankone.com bfi0.com bigfootinteractive.com cardmemberservices.com chase.com firstusa.com nyu.edu
All the rest look pretty legit so I whitelisted them all.
Jeff C. -- Don't harm innocent bystanders.
Hello Jeff,
Three more whitelist.cf entries:
whitelist_from_rcvd *@*.citibank.com citibankcards.com Citi Bank / Citi Cards http://www.citibank.com http://www.citicards.com http://email.universalcard.com http://www.citi.com citibankonline.com also references: http://www.nipc.gov http://iisw.cerias.purdue.edu
whitelist_from_rcvd *@*.discovercard.com bigfootinteractive.com Discover http://www.discovercard.com https://www.novusnet.com
whitelist_from_rcvd *@discovernetwork.bfi0.com bigfootinteractive.com Discover http://discovernetwork.bfi0.com
whitelist_from_rcvd *@Equifax-mail.com cae3.com Equifax http://equifaxmktg.com mailto:customer.care@equifax.com.
whitelist_from_rcvd fnbo@ProcessRequest.com processrequest.com First National Bank Omaha http://www.ProcessRequest.com
whitelist_from_rcvd *@*.householdaccount.com householdaccount.com Household Bank http://ebusiness.householdaccount.com householdbank.com
whitelist_from_rcvd *@ebusiness.orchardbank.com householdaccount.com Orchard Bank http://ebusiness.orchardbank.com
whitelist_from_rcvd *@wellsfargo.m0.net m0.net Wells Fargo http://www.wellsfargo.com http://wellsfargo.m0.net
whitelist_from_rcvd *@*.wellsfargo.com m0.net Wells Fargo wellsfargo.com
Bob Menschel
Two more whitelist entries, added to the list today.
whitelist_from_rcvd psa@lists.serversmiths.com serversmiths.com pARTy/SCIENCE Announcements http://listservices.serversmiths.com references: http://www.WED2005.org http://artintoaction.org http://www.fortmason.org http://www.ciis.edu http://www.greencenturyinstitute.org http://www.greencitiesexpo.org http://www.exploratorium.edu http://www.museumca.org http://www.mysticbeatlounge.com http://harmonyfestival.inhousetickets.com www.mutaytor.com www.bassnectar.net www.karshkale.com www.dhamaalsf.com www.punditz.com www.vaudeviresociety.com www.elcirco.org http://www.harmonyfestival.com http://www.ArtSFest.org http://www.anonsalon.com
This mailing list, psa@lists.serversmiths.com, looks like a good source of web sites that might be appropriate for whitelisting. Would it be possible for SURBL to subscribe to lists like these, harvest the URIs from them, and add such to whitelist?
whitelist_from_rcvd ecomments@wwfus.org bluehornet.com World Wildlife Fund http://newsletter.worldwildlife.org
RM> ... more whitelist entries ...
whitelist_from_rcvd AmericanExpress@*.americanexpress.com aexp.com # American Express whitelist_from_rcvd AmericanExpress@*.americanexpress.com americanexpress.com # American Express http://email.americanexpress.com
whitelist_from_rcvd *@insurance.ca.gov agiliti.net # Service used by government agencies http://www.insurance.ca.gov mailto:GDhelp@govdocs.com http://www.govdocs.com
whitelist_from_rcvd *@CMS.HHS.GOV nih.gov # Medicare mailing list by US Govt file://www.medicare.gov
whitelist_from_rcvd no.reply@1and1.com kundenserver.de # 1and1 Hosting & ISP http://survey.1and1.com
whitelist_from_rcvd *@newsletter.myabout.com myabout.com # About.com newsletters http://www.about.com
whitelist_from_rcvd *@AccuRadio.com 2gtdtbib.net # AccuRadio newsletter http://www.accuradio.com http://www.accuclassical.com http://www.radiocelt.com http://www.hitkast.com http://www.cabaretdio.com http://www.accuholidays.com http://www.accubroadway.com also references: http://www.amazon.com/ http://smartmail.smartmailer.net/ http://www.jimbrickman.com http://www.nuglow.tv http://www.iclassics.com http://www.flashenhanced.com http://indemand.com http://www.dufferinresearch.com http://www.abacast.com/
On Sunday, June 5, 2005, 12:44:51 PM, Robert Menschel wrote:
Hello Jeff,
Three more whitelist.cf entries:
whitelist_from_rcvd *@*.citibank.com citibankcards.com Citi Bank / Citi Cards http://www.citibank.com http://www.citicards.com
[...]
Two more whitelist entries, added to the list today.
whitelist_from_rcvd psa@lists.serversmiths.com serversmiths.com pARTy/SCIENCE Announcements http://listservices.serversmiths.com references: http://www.WED2005.org http://artintoaction.org http://www.fortmason.org http://www.ciis.edu http://www.greencenturyinstitute.org
[...]
Hi Bob, Thanks for those. All look reasonably legitimate so I've whitelisted them all. Looks like banks and artists mostly.
Of the 55 domains mentioned, 14 were already whitelisted and none were blacklisted. nipc.gov does not resolve and some of the commercial mailers like bluehornet.com, bigfootinteractive.com, equifax and NCR might be slightly spammy, but they probably also have legitimate uses, so they're probably appropriate for our whitelists.
Regarding subscribing to newsletters and harvesting the sites mentioned, something appearing in a newsletter is not automatically whitelist material. It's conceivably possible for a spam gang domain to sneak onto a legitimate newsletter, though it seems to happen almost never.
Regardless, all domains need to be checked before they're whitelisted, and they should also be checked before they're blacklisted at least on any manual lists.
Jeff C.
-
Jeff Chan -
Jeff Chan -
Robert Menschel -
sare@menschel.net