-----Original Message----- From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Thursday, September 30, 2004 12:54 AM To: 'SURBL Discussion list' Subject: Re: [SURBL-Discuss] Help classify quickinspirations.com
On Wednesday, September 29, 2004, 7:34:53 PM, Jeff Chan wrote:
Most of these sites have open subscription forms, which invites abuse. If they have any kind of incentive programs for "affiliates" or anything like that, then that plus open subscriptions would *beg* for abuse.
That said, SBL does not list quickinspirations.com name servers or web site, etc. But NJABL does, and so do some others.
OK I took a look at the NANAS hits, and all quickinspirations mail seems to be sent from the same /27:
64.37.73.212 64.37.73.221 64.37.73.218 64.37.73.214 64.37.73.211 64.37.73.217 ...
So if you block 64.37.73.192/27 or RBL it, ***you'll probably never see any mail from quickinspirations ever again***.
And anyone else who might be hosted on thos servers. :)
Since these can be trivially blocked using regular RBLs or access lists these probably aren't great SURBL candidates to begin with.
Trivial yes, but some people may prefer to use SURBL for this as it is 'safer' because it only blocks based on the domain. You yourself have said this about IPs.
The same cannot be said of spammers using zombies.
Yes, but we are targeting spammers, not just spammers using zombies :)
I'm wondering if we relist it, how long it would be until we heard someone complain. I'm only making this kind of a big deal because I think we will see this method grow.
Hell what is to stop the spammer from getting his sister to complain to us that she signed up for this newsletter and it needs to be whitelisted? Something to consider is weighting the whitelist requests for domains that don't feel right like this one. One request for a domain like this may not cut the mustard. 3...OK.
--Chris
On Thursday, September 30, 2004, 7:58:44 AM, Chris Santerre wrote:
Something to consider is weighting the whitelist requests for domains that don't feel right like this one. One request for a domain like this may not cut the mustard. 3...OK.
--Chris
There aren't enough FP reports to do that. We've never gotten more than one request for a given domain.
Jeff C. -- "If it appears in hams, then don't list it."
On Thu, 30 Sep 2004 17:27:20 -0700, Jeff Chan jeffc@surbl.org wrote:
On Thursday, September 30, 2004, 7:58:44 AM, Chris Santerre wrote:
Something to consider is weighting the whitelist requests for domains that don't feel right like this one. One request for a domain like this may not cut the mustard. 3...OK.
--Chris
There aren't enough FP reports to do that. We've never gotten more than one request for a given domain.
Could this be because we've been a little too responsive? Most whitelistings are almost immediate right now.. If we had a cooling off period for questionable domains it might allow us to gather more evidence.
On Thursday, September 30, 2004, 8:45:21 PM, David Hooton wrote:
On Thu, 30 Sep 2004 17:27:20 -0700, Jeff Chan jeffc@surbl.org wrote:
On Thursday, September 30, 2004, 7:58:44 AM, Chris Santerre wrote:
Something to consider is weighting the whitelist requests for domains that don't feel right like this one. One request for a domain like this may not cut the mustard. 3...OK.
There aren't enough FP reports to do that. We've never gotten more than one request for a given domain.
Could this be because we've been a little too responsive? Most whitelistings are almost immediate right now.. If we had a cooling off period for questionable domains it might allow us to gather more evidence.
We only whitelist the obvious ones immediately. Others require more research. But the research does not take days or even hours. After checking the obvious things like domain age, SBL and NANAS hits, it boils down to trying to determine if a domain has legitimate uses. If it does we don't want to list it and cause FPs.
When in doubt, it's better for us to whitelist. We're already catching a large majority of spams. We don't want the value of that to be diminished by potential false positives.
Jeff C. -- "If it appears in hams, then don't list it."
-
Chris Santerre -
David Hooton -
Jeff Chan