-----Original Message----- From: Matt Kettler [mailto:mkettler@evi-inc.com] Sent: Thursday, September 09, 2004 5:53 PM To: Chris Santerre; SURBL Discussion list (E-mail) Cc: Spamassassin-Talk (E-mail) Subject: RE: Start an IP list to block?
At 05:23 PM 9/9/2004, Chris Santerre wrote:
OOOOOOHHHHH yeah! I didn't know that! Are we sure this is
actually what it
means and not just a miss-syntaxed paragraph? It actually
resolves the IP
against the RBL lookup?
If so....well then...problem solved, and devs get a cookie :)
Actually, upon closer read it checks the IP of the NS record.. So it's essentially blacklisting the IP's of the DNS servers that spammers are using.
So, for http://www.merchantsoverseas.com, it would look at your NS records:
MerchantsOverseas.com. 18185 IN NSauth20.ns.wcom.com. MerchantsOverseas.com. 18185 IN NS auth10.ns.wcom.com.
And would check the IPs 198.6.100.37 (auth20.ns.wcom.com) and 198.6.100.21 (auth10.ns.wcom.com)
WOW! I think this would hit more FPs then listing the IP! Am I wrong there! I would never list the name server, as they may be hosting for much more then just a spammer. That number is sure to be greater then a virtual hosts number for an IP. Maybe I'm missing something key?
You won't see me ever add an NS IP to SURBL. Now that I've had time to think of it.
--Chris
On Friday, September 10, 2004, 7:27:06 AM, Chris Santerre wrote:
WOW! I think this would hit more FPs then listing the IP! Am I wrong there! I would never list the name server, as they may be hosting for much more then just a spammer. That number is sure to be greater then a virtual hosts number for an IP. Maybe I'm missing something key?
SBL lists some spammer name server (and web server) IPs. Hopefully they're careful about it, since you're right listing name servers could affect a lot more than just the virtual hosts on a web server IP.
You won't see me ever add an NS IP to SURBL. Now that I've had time to think of it.
If we add URI content that appears only in spams then there's not much to think about. ;-)
Jeff C.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jeff Chan writes:
On Friday, September 10, 2004, 7:27:06 AM, Chris Santerre wrote:
WOW! I think this would hit more FPs then listing the IP! Am I wrong there! I would never list the name server, as they may be hosting for much more then just a spammer. That number is sure to be greater then a virtual hosts number for an IP. Maybe I'm missing something key?
SBL lists some spammer name server (and web server) IPs. Hopefully they're careful about it, since you're right listing name servers could affect a lot more than just the virtual hosts on a web server IP.
SBL is also *very* manually-driven, and has a high level of certainty required before anything is listed. There's some serious human vetting going on for every IP that gets added, and they (generally) spot the cases where ns1.bigisp.com would be listed, and don't list them ;)
- --j.
-
Chris Santerre -
Jeff Chan -
jm@jmason.org