On Thursday, September 9, 2004, 2:05:28 PM, Alex Broens wrote:
Chris Santerre wrote:
OK, this isn't the first time we've had this discussion, but Raymond and I felt this should be made public again. He ran thru some tests of 1500+ domains and found the following data. Looks like they maybe send from zombies, and never their hosts. IPs are similar across the board.
So is there a way to use the IP info in a good way? Could SA or SURBL do a quick ping of the URL and match against a URL? This would allow us to simply list 1 IP instead of all these domains.
(I'm well aware of virtual hosts! So only the filthiest of spammers would be put on this IP list. Then their IP better boot them or anyone hosted on that box would feel the rath of SURBL.)
--Chris
Chris, Raymond ,
I went thru a random few of these and they're were listed at Spamhaus. Using spamhaus at SMTP level or SA doing RBL lookups would have caught and stopped them...
Yes, that is a good answer. Use Spamhaus RBLs... :-)
Jeff C.
Spamcop probably has quite a few of them listed as well
ideas?
Alex
On Thursday, September 9, 2004, 2:14:29 PM, Jeff Chan wrote:
On Thursday, September 9, 2004, 2:05:28 PM, Alex Broens wrote:
Chris Santerre wrote:
So is there a way to use the IP info in a good way? Could SA or SURBL do a quick ping of the URL and match against a URL? This would allow us to simply list 1 IP instead of all these domains.
(I'm well aware of virtual hosts! So only the filthiest of spammers would be put on this IP list. Then their IP better boot them or anyone hosted on that box would feel the rath of SURBL.)
I went thru a random few of these and they're were listed at Spamhaus. Using spamhaus at SMTP level or SA doing RBL lookups would have caught and stopped them...
Yes, that is a good answer. Use Spamhaus RBLs... :-)
I should clarify that I mean: use the Spamhaus data with programs that resolve the URI domains into IP addresses, or check their name server IPs, then check those IP address against Spamhaus.
uridnsbl in SpamAssassin 3.0 does the nameserver check against SBL. Don't know if there are programs that check the web site IPs against SBL, but probably there are. Does uridnsbl *only* check name servers?
http://spamassassin.apache.org/full/3.0.x/dist/lib/Mail/SpamAssassin/Plugin/...
Jeff C.
-
Jeff Chan