-----Original Message----- From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Sunday, September 26, 2004 11:50 PM To: SURBL Discuss Subject: Re: [SPAM-TAG] [SURBL-Discuss] Spammer threatening to suesingle4you.net
On Sunday, September 26, 2004, 8:35:40 PM, Joe Wein wrote:
"Jeff Chan" jeffc@surbl.org
But that's not the question. The question is: does the domain have legitimate uses. If so we shouldn't list it. We should not list domains that have legitimate uses, even if they do send in some spam.
Hi Jeff,
the latest emails from Mr. Schiffer were much more friendly
in tone. He also
admitted that he was only bluffing when he talked about
legal action, as he
really does not have any money for that.
I have removed his listing and let him know about that. I
hope he learnt
something from it.
I probably wouldn't have removed the domain without your
reminder. Looking
at this case I realise how difficult it really is for
submitters *not* to
list spammers who may have some legitimate uses.
Joe
Thanks Joe. Hopefully he's learned his lesson.
What the hell?? I just read this whole thread! I would not have taken this guy off! No way in hell!!!!! Ray, add this yahoo to UC please!
The domain is brand new, sends spam, and screams about getting listed! How the hell can he be legit! Did you guys read the NANAS listings that showed his wonderful emails?
These are just the ones reported. He 'purchased' a list. So none of these were opt in.
This is not the last we will hear of this guy. I think taking him off is a mistake. And IF he does it again, I'll report his a$$ to every RBL I can find, simply because you guys removed this idiot.
--Chris (Jaded, fed up, and tired of the BS.)
On Monday, September 27, 2004, 7:25:40 AM, Chris Santerre wrote:
The domain is brand new, sends spam, and screams about getting listed! How the hell can he be legit! Did you guys read the NANAS listings that showed his wonderful emails?
These are just the ones reported. He 'purchased' a list. So none of these were opt in.
And are those the only emails that ever have or ever will mention the domain? Do we know that the domain has no legitimate uses or users? If not should we block all legitimate messages that do mention the domain?
These are difficult questions which we attempted to answer.
It's much easier to list them, but is that fair to people who actually use or mention the site in hams?
Jeff C. -- "If it appears in hams, then don't list it."
Hi Jeff,
These are just the ones reported. He 'purchased' a list. So none of these were opt in.
And are those the only emails that ever have or ever will mention the domain? Do we know that the domain has no legitimate uses or users? If not should we block all legitimate messages that do mention the domain?
These are difficult questions which we attempted to answer.
With the looks of the site, all the database errors when you try to do something there its very unlikely this site HAD legit use, since it sinply doesnt work ;)
bye, Raymond.
Chris Santerre wrote to 'Jeff Chan' and 'SURBL Discussion list':
Thanks Joe. Hopefully he's learned his lesson.
What the hell?? I just read this whole thread! I would not have taken this guy off! No way in hell!!!!! Ray, add this yahoo to UC please!
Well, first off, you probably meant "Ryan". Second, single4you.net has been in UC for for days already. :-)
The domain is brand new, sends spam, and screams about getting listed! How the hell can he be legit! Did you guys read the NANAS listings that showed his wonderful emails?
These are just the ones reported. He 'purchased' a list. So none of these were opt in.
Agreed! Don't forget the temporal aspect of SURBL. It *was* a spammer domain, but that doesn't mean it still *is* a spammer domain.
This is not the last we will hear of this guy. I think taking him off is a mistake. And IF he does it again, I'll report his a$$ to every RBL I can find, simply because you guys removed this idiot.
Well, I'm not worried about it at all, because if he has really cleaned up his act, we won't hear from him again. Otherwise, if I get confirmed fresh spam for single4you.net, I'll happily spend the 3 seconds it takes to re-list, as I'm sure would many people who have read this thread. ;-) I'll be watching my daily GetURI runs very, very closely. :-)
--Chris (Jaded, fed up, and tired of the BS.)
Even while following this thread yesterday, I whitelisted 45 domains, and listed 24 new ones, from a ~6 hour corpus. I'm not going to let a little bit of BS about *one* measly domain ruin my fun.
I know, I had to damn near swallow my own tongue before I recommended de-listing them, but, the point is, if we aren't responsive to the odd site possibly changing their act, SURBL (and even UC) will be useless.
- Ryan
Hi Jeff, At 07:34 27-09-2004, Jeff Chan wrote:
And are those the only emails that ever have or ever will mention the domain? Do we know that the domain has no legitimate uses or users? If not should we block all legitimate messages that do mention the domain?
Do we know that the domain has legitimate use? No. There will always be legitimate messages that mention domains listed in surbl.
These are difficult questions which we attempted to answer.
That domain fulfills the requirements of the policy posted on the website.
It's much easier to list them, but is that fair to people who actually use or mention the site in hams?
Life isn't fair. :)
Regards, -sm
On Monday, September 27, 2004, 9:52:41 AM, SM wrote:
That domain fulfills the requirements of the policy posted on the website.
Not if it has legitimate uses:
http://www.surbl.org/policy.html
"A. Add domains that appear only in spam. Do not add any domains that appear in ham."
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
"A. Add domains that appear only in spam. Do not add any domains that appear in ham."
As an absolute rule that won't work, because the criminal spammer talks with his rogue registrar in "ham". Don't forget rules #1 spammers lie, and #3 spammers are stupid.
You can't whitelist a domain only because a lying stupid spammer says so. They all have some excuses, that's a part of their business. Bye, Frank
Ryan wrote:
Well, I'm not worried about it at all, because if he has really cleaned up his act, we won't hear from him again. Otherwise, if I get confirmed fresh spam for single4you.net, I'll happily spend the 3 seconds it takes to re-list,
Exactly.
The guy doesn't fit the usual profile. He doesn't change domains like other people change underware. The website is not hosted in China or South Florida but Norway.
I think it's unlikely we will see spam for this domain again and if we do, we relist it. It's that simple.
Joe
On Monday, September 27, 2004, 5:12:16 PM, Frank Ellermann wrote:
Jeff Chan wrote:
"A. Add domains that appear only in spam. Do not add any domains that appear in ham."
As an absolute rule that won't work, because the criminal spammer talks with his rogue registrar in "ham".
I don't consider spammer's messages to be ham. Only ham from legitimate people (non-spammers) is ordinary ham.
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
I don't consider spammer's messages to be ham. Only ham from legitimate people (non-spammers) is ordinary ham.
Okay, but the difference betwee ham and spam can be as "clear" as the difference between bug and feature. From my POV all documented bugs are features... ;-)
In another message about doubleclick you came to the conclusion to whitelist this stuff. IMHO that's a bad idea. There's no reason to whitelist somebody known for utter dubious business practices: as long as they don't spam they won't show up in a SURBL, why waste your time or bandwidth for these [censored] ?
But I've saved the list of the domains, maybe I can use it for my /etc/hosts at some time (anything crashing my browser resp. filling my cookies.txt is an /etc/hosts candidate)
Bye, Frank
On Monday, September 27, 2004, 6:12:41 PM, Frank Ellermann wrote:
In another message about doubleclick you came to the conclusion to whitelist this stuff. IMHO that's a bad idea. There's no reason to whitelist somebody known for utter dubious business practices: as long as they don't spam they won't show up in a SURBL, why waste your time or bandwidth for these [censored] ?
Doubleclick domains show up in a lot of hams. Do we want to block those hams?
Yes or no?
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
Doubleclick domains show up in a lot of hams.
Have you seen these domains in URLs mentioned in e-mail ?
0mm.com 123 / 94 in *.net-abuse.* (incl. / excl. nanas), last 2002. rather old, but not a "white hat". 2clk.net 93 / 25, last Aug 14 2004, zero sightings after removing the dubious launch.2clk.net addresses
businesslink.net sightings in some very old spam (1999).
I'm not very interested in ancient spam history, but after this short reality check this isn't a clean list of known white hats.
You just don't have the time and Gigabytes to white list all ex-spamvertized domains without new sighting for more than two years. The purpose of your white list is IMNSHO to catch erroneous SURBL listings. It's not a collection of reformed spammers or old domains. At least for c/n/o the whois data allows to determine the age of domains.
And if they spammed before 2003, who knows what they are planning for 2005 ? Bye, Frank
On Tuesday, September 28, 2004, 5:35:15 AM, Frank Ellermann wrote:
Jeff Chan wrote:
Doubleclick domains show up in a lot of hams.
Have you seen these domains in URLs mentioned in e-mail ?
0mm.com 123 / 94 in *.net-abuse.* (incl. / excl. nanas), last 2002. rather old, but not a "white hat". 2clk.net 93 / 25, last Aug 14 2004, zero sightings after removing the dubious launch.2clk.net addresses
businesslink.net sightings in some very old spam (1999).
So what you're saying is that there are no recent NANAS. IOW they're not spamming.
But that still does not answer the question, do they get mentioned in a lot of hams?
The question is not about spams, it's about hams.
Asking the wrong question gets the wrong answer.
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
So what you're saying is that there are no recent NANAS. IOW they're not spamming.
At least not after 2002. Some of the older sightings and discussions appeared to be real for 0mm and businesslink.
But that still does not answer the question, do they get mentioned in a lot of hams?
Who knows, certainly not me, I don't recall _any_ mail mentioning these sites. OTOH my mail folders are only 40 MB, most of it 2003/2004.
The question is not about spams, it's about hams.
My question was about your time and the size of your white list. All I find for "0mm.com" smells rotten, it's a very old spammer, simply ignore it. Bye, Frank