At 16:56 2004-09-09 -0400, Chris Santerre wrote:
> OK, this isn't the first time we've had this discussion, but Raymond and I felt this should be made public again. He ran thru some tests of 1500+ domains and found the following data. Looks like they maybe send from zombies, and never their hosts. IPs are similar across the board.
>
> So is there a way to use the IP info in a good way? Could SA or SURBL do a quick ping of the URL and match against a URL? This would allow us to simply list 1 IP instead of all these domains.

Why not simply use what's already available - uridnsbl with SBL?

> See this list, most of them all use the same IP, pill spammers...
>
> abducted2550pirrs.com has address 219.254.32.111

abducted2550pirrs.com name servers are in SBL.

> acdfiaj.info has address 219.254.32.69

abducted2550pirrs.com name servers are in SBL.

> agronomy9603dryg.com has address 219.254.32.111

agronomy9603dryg.com name servers are in SBL.
Etc...
Patrik
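
The check discussed in this thread (resolve each URI domain's name servers, then look their IPs up in an IP blocklist), sketched offline as an added example that is not part of either message and is not SpamAssassin's own code. The zone name, name-server hostnames, their addresses and the listing are constructed; only the three spam domain names come from the thread.

```python
import ipaddress
from collections import defaultdict

ZONE = "dnsbl.example.test"  # hypothetical blocklist zone, stands in for a real DNSBL

# Constructed stand-ins for live DNS answers (NS records, then A records of the NS hosts).
NS_RECORDS = {
    "abducted2550pirrs.com": ["ns1.pillhost.example", "ns2.pillhost.example"],
    "acdfiaj.info": ["ns1.pillhost.example"],
    "agronomy9603dryg.com": ["ns1.pillhost.example"],
    "example.org": ["ns.clean.example"],
}
NS_ADDRS = {
    "ns1.pillhost.example": "198.51.100.53",
    "ns2.pillhost.example": "203.0.113.7",
    "ns.clean.example": "192.0.2.53",
}
# Constructed zone contents: a single listed name-server IP.
LISTED = {"53.100.51.198." + ZONE}


def dnsbl_qname(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed_ns_ips(domain):
    """Return the name-server IPs of `domain` that are present in the zone."""
    hits = set()
    for ns in NS_RECORDS.get(domain, []):
        ip = NS_ADDRS.get(ns)  # None when the NS host does not resolve
        if ip and dnsbl_qname(ip) in LISTED:
            hits.add(ip)
    return hits


def group_by_listed_ip(domains):
    """Map each listed name-server IP to the URI domains it serves."""
    groups = defaultdict(list)
    for domain in domains:
        for ip in sorted(listed_ns_ips(domain)):
            groups[ip].append(domain)
    return dict(groups)


if __name__ == "__main__":
    for ip, doms in group_by_listed_ip(NS_RECORDS).items():
        print(ip, "->", ", ".join(doms))
```

One listed name-server address flags all three domains, while the domain whose name server is not listed passes.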