Up to now I have been looking watching out for types of url which are not parsed by SpamCopURI.
Today I have found one which is parsable by SpamCopURI, but which risks not being blocked for a different reason.
When I went to Spamcop to report the spam, the URL was not parsed out by spamcop reporting engine. This domain is therefore not going to enter into the data (at least from this spam run) and so won't be blocked. BTW the domain is: agrinho.com.
I suppose I should tell spamcop about this...but I thought I'd mention it here to fellow surblers because anything which stops spamvertized domains going into spamcop will have an affect on blocking. In reality we need the parsing mechanisms of clients (like SpamCopURI or URIDNSBL) *AND* of Spamcop itself kept up to date with new obfuscation methods. Alternatively, we need some way of submitting to one of the surbl lists, but that's a big step to take...
John
On Sunday, May 16, 2004, 4:19:30 AM, John Fawcett wrote:
When I went to Spamcop to report the spam, the URL was not parsed out by spamcop reporting engine. This domain is therefore not going to enter into the data (at least from this spam run) and so won't be blocked. BTW the domain is: agrinho.com.
I suppose I should tell spamcop about this...but I thought I'd mention it here to fellow surblers because anything which stops spamvertized domains going into spamcop will have an affect on blocking. In reality we need the parsing mechanisms of clients (like SpamCopURI or URIDNSBL) *AND* of Spamcop itself kept up to date with new obfuscation methods.
SpamCop appears to not output domains that have already been recorded as "being fixed" by the ISP. If that works properly it should probably be considered be a feature and not a bug.
That said, I don't see *any* initial reports from SpamCop for agrinho.com, which suggests it was never processed at all, which is odd and probably should be reported to SpamCop for analysis.
Alternatively, we need some way of submitting to one of the surbl lists, but that's a big step to take...
I'm not sure what Bill Stearns' policies are currently, but in principle you can report spam URI domains to him for inclusion in sa-blacklist and therefore ws.surbl.org.
Jeff C.
Good evening, Jeff,
On Sun, 16 May 2004, Jeff Chan wrote:
On Sunday, May 16, 2004, 4:19:30 AM, John Fawcett wrote:
When I went to Spamcop to report the spam, the URL was not parsed out by spamcop reporting engine. This domain is therefore not going to enter into the data (at least from this spam run) and so won't be blocked. BTW the domain is: agrinho.com.
I suppose I should tell spamcop about this...but I thought I'd mention it here to fellow surblers because anything which stops spamvertized domains going into spamcop will have an affect on blocking. In reality we need the parsing mechanisms of clients (like SpamCopURI or URIDNSBL) *AND* of Spamcop itself kept up to date with new obfuscation methods.
SpamCop appears to not output domains that have already been recorded as "being fixed" by the ISP. If that works properly it should probably be considered be a feature and not a bug.
That said, I don't see *any* initial reports from SpamCop for agrinho.com, which suggests it was never processed at all, which is odd and probably should be reported to SpamCop for analysis.
Alternatively, we need some way of submitting to one of the surbl lists, but that's a big step to take...
I'm not sure what Bill Stearns' policies are currently, but in principle you can report spam URI domains to him for inclusion in sa-blacklist and therefore ws.surbl.org.
Policies are up at http://www.stearns.org/sa-blacklist/ . I do accept submisisons (see that page for how to submit), but I'm behind at the moment, so please be patient. Cheers, - Bill
--------------------------------------------------------------------------- "Learning French is trivial: the word for horse is cheval, and everything else follows in the same way." -- Alan J. Perlis (Courtesy of Mathieu ChouquetStringer mathieu.chouquet-stringer@wanadoo.fr) -------------------------------------------------------------------------- William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --------------------------------------------------------------------------