Hi,
I just reported this mail with its 3 URLs to spamcop and ws.surbl... I urge other list maintainers to add them since it contains disgusting child pornography...
For what I can understand in http://www.sg.st, although sg.st is not an 'official' 2LD of st, it seems that this is a bulk registry for the domains HK.ST - CN.ST - TW.ST - SG.ST.
The official NIC for st (São Tomé & Principe) seems to be http://www.nic.st.
As I understand it, the SG.ST domain should be whitelisted...
Regards.
Received: from c-24-12-31-157.client.comcast.net (HELO smtp.hotpop.com) (24.12.31.157) by mail.example.com with SMTP; 13 Oct 2004 20:17:24 -0000
Date: Fri, 15 Oct 2004 22:56:09 +0000
From: mangled mangled@example.com
Subject: Hi.
To: FILE mangled@example.com
References: mangled@example.com
In-Reply-To: mangled@example.com
Message-ID: mangled@example.com
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7BIT
Hey,
I've found true BL Hits!
Over 12000 users here. http://pbfiles.sg.st and http://ggboys.sg.st
Giant Lo collection here: http://ptz-portal.sg.st
Best, Michael Berkly.
p.s. looking for your quickest reply.
On Thursday, October 14, 2004, 6:57:17 AM, Mariano Absatz wrote:
> For what I can understand in http://www.sg.st, although sg.st is not an 'official' 2LD of st, it seems that this is a bulk registry for the domains HK.ST - CN.ST - TW.ST - SG.ST.
> The official NIC for st (São Tomé & Principe) seems to be http://www.nic.st.
> As I understand it, the SG.ST domain should be whitelisted...
sg.st appears to be a web hosting company with abuse@hk.st as an abuse address. I'd suggest reporting abuse there.
Jeff C. -- "If it appears in hams, then don't list it."
On Thu, 14 Oct 2004 07:15:00 -0700, Jeff Chan jeffc@surbl.org wrote:
> On Thursday, October 14, 2004, 6:57:17 AM, Mariano Absatz wrote:
>> For what I can understand in http://www.sg.st, although sg.st is not an 'official' 2LD of st, it seems that this is a bulk registry for the domains HK.ST - CN.ST - TW.ST - SG.ST.
>> The official NIC for st (São Tomé & Principe) seems to be http://www.nic.st.
>> As I understand it, the SG.ST domain should be whitelisted...
> sg.st appears to be a web hosting company with abuse@hk.st as an abuse address. I'd suggest reporting abuse there.
Doesn't seem to be an option...
look at this:
From: mailer-daemon@world.www-gl.com mailer-daemon@world.www-gl.com
To: el.baby@gmail.com
Date: 14 Oct 2004 13:48:12 -0000
Subject: failure notice

Hi. This is the qmail-send program at world.www-gl.com. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out.
abuse@hk.st: Sorry, no mailbox here by that name. vpopmail (#5.1.1)
:-(
Mariano,
SURBL is not meant for blocking porn unless it is also spam **And** unless the domain is NOT also found in legitimate (albeit porn) e-mails. Not that these don't qualify... they may very well be good candidates for SURBL... but the fact that they were porn and found in spam is not enough. There would also have to be a determination that these are not found in non-spam porn mail. Other factors would include how egregious is the domain owner at spamming (NANAS & SpamHaus.org records, for example).
If porn-mail blocking is a concern of yours, I suggest that you use the porn blocking dnsbl found at http://rhs.mailpolice.com/. It works just like SURBL, except that it applies to domains only (not IP addresses) and, as I said, they list porn domains REGARDLESS of whether or not they are found in spam.
MailPolice.com also has a combined blocklist which merges their spam block list with their porn block list. It is also very good and catches some stuff that SURBL doesn't catch. However, be warned... it also generates some False Positives. (But not nearly as bad as some others do). I use the general blocklist (spam & porn) and I manually override the FPs as they occur to prevent them from being blocked again.
Also, as I said, both work on domains found with the message (just like SURBL, except that SURBL also lists IP addresses). These are NOT MTA-blocking RBL's.
Hope this helps!
(BTW - does anyone know of any OTHER such porn-blocking DNSBLs, like the one at mailpolice.com???)
Rob McEwen
I realized that someone reading my last messages might have been misled into thinking that mailpolice.com's DNSBL "only" or "always" block porn.
Just to be extra clear, mailpolice.com has SEVEN different dnsbl's, each with different purposes. TWO of these SEVEN specifically target porn. The others, in various ways, target spammers without targeting porn.
Rob McEwen
On Thursday, October 14, 2004, 7:56:54 AM, Rob McEwen wrote:
> SURBL is not meant for blocking porn unless it is also spam **And** unless the domain is NOT also found in legitimate (albeit porn) e-mails. Not that these don't qualify... they may very well be good candidates for SURBL... but the fact that they were porn and found in spam is not enough. There would also have to be a determination that these are not found in non-spam porn mail. Other factors would include how egregious is the domain owner at spamming (NANAS & SpamHaus.org records, for example).
> If porn-mail blocking is a concern of yours, I suggest that you use the porn blocking dnsbl found at http://rhs.mailpolice.com/. It works just like SURBL, except that it applies to domains only (not IP addresses) and, as I said, they list porn domains REGARDLESS of whether or not they are found in spam.
> MailPolice.com also has a combined blocklist which merges their spam block list with their porn block list. It is also very good and catches some stuff that SURBL doesn't catch. However, be warned... it also generates some False Positives. (But not nearly as bad as some others do). I use the general blocklist (spam & porn) and I manually override the FPs as they occur to prevent them from being blocked again.
> Also, as I said, both work on domains found with the message (just like SURBL, except that SURBL also lists IP addresses). These are NOT MTA-blocking RBL's.
I must agree. The only content criteria we have for SURBLs is inclusion in spam and exclusion in ham. Aside from the phishing list (which also happens to be very spammy), all the SURBL lists contain spam domains. Spam versus ham should remain our only criteria for inclusion for now.
Thanks for the information about the mailpolice list. Perhaps that will be useful to some folks.
Jeff C. -- "If it appears in hams, then don't list it."
RE: fraud.rhs.mailpolice.com phishing list
While I'm on the topic of mailpolice.com, has the "fraud.rhs.mailpolice.com" phishing list been integrated into SURBL yet? What was the result of this testing? Is this integration automated?
Thanks,
Rob McEwen
On Thursday, October 14, 2004, 7:59:36 AM, Rob McEwen wrote:
> RE: fraud.rhs.mailpolice.com phishing list
> While I'm on the topic of mailpolice.com, has the "fraud.rhs.mailpolice.com" phishing list been integrated into SURBL yet? What was the result of this testing? Is this integration automated?
I've been waiting to hear back from more people about their own testing before incorporating it into ph.surbl.org.
It's easy enough to do, but we'd like more people to check the data for false positives against their own mail, test corpora, etc.
Has anyone else given this a try? If not will you please?
__
[Bill Landry showed us how:]
This is a list that MailPolice hosts and I have been running it for a few hours and it has already flagged some phish and fraud e-mails. Here is some info about the list: http://rhs.mailpolice.com/#rhsfraud
This is my configuration for SA 2.64 with the SpamCopURI plug-in:
uri MP_URI_RBL eval:check_spamcop_uri_rbl('fraud.rhs.mailpolice.com','127.0.0.2')
describe MP_URI_RBL URI's domain appears in MailPolice fraud list
tflags MP_URI_RBL net
score MP_URI_RBL 2.0
And for SA 3.0 with the URIDNSBL plug-in:
urirhsbl URIBL_MP fraud.rhs.mailpolice.com. A
header URIBL_MP eval:check_uridnsbl('URIBL_MP')
describe URIBL_MP URI's domain appears in MailPolice fraud list
tflags URIBL_MP net
score URIBL_MP 2.0
Bill
__
Jeff C. -- "If it appears in hams, then don't list it."
RE: fraud.rhs.mailpolice.com phishing list
Jeff,
I'm "tied up" for the rest of the day... but I'll add this sometime within the next couple days and I'll audit ALL e-mail that it catches.
Thanks,
Rob McEwen
On Thursday 14 October 2004 10:17 am, Jeff Chan wrote:
> I've been waiting to hear back from more people about their own testing before incorporating it into ph.surbl.org.
> It's easy enough to do, but we'd like more people to check the data for false positives against their own mail, test corpora, etc.
> Has anyone else given this a try? If not will you please?
> __
Jeff, FWIW I added this to my setup the day you announced it and have yet to get any FP's. There have been a few 'phishing' spams that were missed but I've forwarded these to them and the other address as you suggested. Of course this is on a small single user home setup where I only receive about 150 - 200 spams a day out of about 500 msgs.
On Thursday, October 14, 2004, 7:59:36 AM, Rob McEwen wrote:
> RE: fraud.rhs.mailpolice.com phishing list
> While I'm on the topic of mailpolice.com, has the "fraud.rhs.mailpolice.com" phishing list been integrated into SURBL yet? What was the result of this testing? Is this integration automated?
> Thanks,
> Rob McEwen
FWIW I added a link to the rhs.mailpolice.com site from the SURBL links page:
http://www.surbl.org/links.html
mailpolice Offers seven content-based blocklists mostly compatible with SURBL programs, which may be of interest to SURBL or SpamAssassin users
Also added a link to the unmatched SURBL DNS queries, etc.
Jeff C. -- "If it appears in hams, then don't list it."
Mariano wrote:
> For what I can understand in http://www.sg.st, although sg.st is not an 'official' 2LD of st, it seems that this is a bulk registry for the domains HK.ST - CN.ST - TW.ST - SG.ST.
> The official NIC for st (São Tomé & Principe) seems to be
> As I understand it, the SG.ST domain should be whitelisted...
In my filter I treat sg.st / hk.st / tw.st / cn.st (there are also ye.st and to.st) just like co.uk. That allows me to list subdomains, which of course don't get picked up via SURBL, since it would only get queries for ccTLD.st, not somedomain.ccTLD.st.
The following domains are on my blacklist, most of them for child pornography spam:
Joe
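Joe's approach above, treating sg.st, hk.st, tw.st, cn.st, ye.st and to.st like co.uk when deciding which name a URI blocklist lookup should use, as an added example (not code from the thread or from SURBL). The zone `uribl.example`, the short `TWO_LEVEL` set and the sample host names are placeholders constructed for illustration, and hosts are assumed to be DNS names, not IP addresses.

```python
# Added example: choose the name to look up in a URI blocklist (RHSBL).
# TWO_LEVEL is a constructed, partial list; a real filter loads a full
# two-level-TLD file instead of hard-coding it.
TWO_LEVEL = {"co.uk", "sg.st", "hk.st", "tw.st", "cn.st", "ye.st", "to.st"}


def registrable_domain(host, two_level=TWO_LEVEL):
    """Return the part of `host` that a URI blocklist would list, or None."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None                      # bare label, nothing to query
    suffix = ".".join(labels[-2:])
    if suffix in two_level:
        # The suffix is a registry, so the listed unit is one label deeper.
        if len(labels) < 3:
            return None                  # the registry itself: never query it
        return ".".join(labels[-3:])
    return suffix


def query_name(host, zone, two_level=TWO_LEVEL):
    """Build the DNS name to resolve, e.g. somedomain.sg.st.<zone>."""
    domain = registrable_domain(host, two_level)
    return None if domain is None else f"{domain}.{zone.rstrip('.')}"


if __name__ == "__main__":
    zone = "uribl.example"               # hypothetical blocklist zone
    for h in ("www.somedomain.sg.st", "sg.st",
              "a.b.example.co.uk", "www.example.com"):
        print(h, "->", query_name(h, zone))
    # Without the two-level entries, every customer of the registry
    # collapses into a single query for sg.st itself.
    print(query_name("www.somedomain.sg.st", zone, two_level=set()))
```

The last call shows the failure mode Joe describes: with sg.st missing from the two-level list, the lookup is made for the registry name and an individual subdomain can never be listed or matched.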