-----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@prolocation.net] Sent: Thursday, September 09, 2004 5:10 PM To: Alex Broens Cc: users-return-15498-sa-list=alexb.ch@spamassassin.apache.org; SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail) Subject: Re: Start an IP list to block?
Hi!
Chris, Raymond ,
I went thru a random few of these and they're were listed at
Spamhaus.
Using spamhaus at SMTP level or SA doing RBL lookups would
have caught and
stopped them... Spamcop probably has quite a few of them
listed as well
No, that wont work. The spams are sended in via trojans/proxys only the websites are static. SOME are blocked with DSBL and so but most of the time they start a spamrun with a fresh set it seems.
So yes, they are inside spamhaus, but only the websites, didnt see mails sended out from there (yet).
Agreed. They may be listed, but for mail, not hosting. They use other IPs to send, and keep the host on their IPs. SOme of the bigger spammers are saying "Screw SURBL, I've got enough dough to get a new domain for every run, and it still remains profitible."
To which we have 2 replies: 1) Those registers are going to feel some rath soon from the antispam community. 2) We gonna mark the IP, you silly little monkeys!
I think the code should be added into the SURBL code. It would need to be a patch for SA 3.0 as it is prbly too late for it to go in now. But it should be simple to grab the IP of the 20 random URL domains and match against SURBL as well. Then they can purchase as many domains as they like, won't matter a bit.
--Chris
Hi!
- Those registers are going to feel some rath soon from the antispam
community. 2) We gonna mark the IP, you silly little monkeys!
I think the code should be added into the SURBL code. It would need to be a patch for SA 3.0 as it is prbly too late for it to go in now. But it should be simple to grab the IP of the 20 random URL domains and match against SURBL as well. Then they can purchase as many domains as they like, won't matter a bit.
ns.surbl.org or something is easilly to bitmask insiude multi, if needed.
Bye, Raymond.
On Thursday, September 9, 2004, 2:22:17 PM, Raymond Dijkxhoorn wrote:
- Those registers are going to feel some rath soon from the antispam
community. 2) We gonna mark the IP, you silly little monkeys!
I think the code should be added into the SURBL code. It would need to be a patch for SA 3.0 as it is prbly too late for it to go in now. But it should be simple to grab the IP of the 20 random URL domains and match against SURBL as well. Then they can purchase as many domains as they like, won't matter a bit.
ns.surbl.org or something is easilly to bitmask insiude multi, if needed.
Use SBL. They already list spammer nameservers.
There's no need for us to re-invent what they're already doing. If they don't have the new name server IPs, arrange a private datafeed into SBL with Larry.
Jeff C.
-
Chris Santerre -
Jeff Chan -
Raymond Dijkxhoorn