Hi,

In some cases, it would be interesting to provide an alternative zone, with a "spam signature info", for domains that could also be used for legitimate purposes. This zone would feature a special TXT part with a regexp or some encoded string that will be used by checking clients to test the message.

A fake example:

buyziagra.com

TXT: listed in re.surbl.org (etc...) #click here.*buy [zvj]iagra#

The text between #'s will be used as an regexp that, if matched against the text in slurp mode (whole buffer checked instead of line-by-line), will make the tool return that that e-mail is Spam.

I can adapt my suriproxy to do that very easily. (Btw, there is a new test version of suriproxy avaliable with domain whitelisting and a better uri matching algorithm at http://sourceforge.net/projects/pf-aux. Any new feedback would be appreciated)

The format I used is just an illustration. It would be ideal to develop or find a simpler "text matching" format then regexp, and yet more powerful, to accept different character coding.

The idea of this "URIBL with spam sigs" is to avoid FP's and, specially, to let us list domains in a less restrictive policy. Even if a domain could used for legimate purposes, it could be added to this special zone. I do agree with the current policy used here, but I have several spam arriving everyday, specially from Brazilian domains, that, if the policy is respected, could not get into the list. Yet we need to find a solution for that, and this is my suggestion.

This new feature would, then, take two different collaborative anti-spam solutions types - URIBL and on line content checks (Razor, DCC, etc) in a very efficient way and using existing infra-structure, that is, DNS servers.

The odds are it would be a bit more difficult to maintain and spam gangs can change the text all the time. Even then, I believe this could be interesting. Do you think this is worth trying?

sorry for my bad english, Yves