-----Original Message----- From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Thursday, September 09, 2004 5:26 PM To: Chris Santerre Cc: SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail) Subject: Re: Start an IP list to block?
On Thursday, September 9, 2004, 1:56:33 PM, Chris Santerre wrote:
OK, this isn't the first time we've had this discussion, but
Raymond and I
felt this should be made public again. He ran thru some
tests of 1500+
domains and found the following data. Looks like they maybe send from zombies, and never their hosts. IPs are similar across the board.
So is there a way to use the IP info in a good way? Could SA
or SURBL do a
quick ping of the URL and match against a URL? This would
allow us to simply
list 1 IP instead of all these domains.
(I'm well aware of virtual hosts! So only the filthiest of
spammers would be
put on this IP list. Then their IP better boot them or
anyone hosted on that
box would feel the rath of SURBL.)
Yes, we've already discussed reasons why we're using only the data actually found in spam URIs. The potential for collateral damage in looking at resolved IPs is too high.
It would be very easy for a large hosting provider to have 1 bad guy sharing a web server with 100 or 1000 non-spammers. Given that we can't see those other 100 or 1000, it would be very easy for us to add that 1 IP address and block the other 100 or 1000 *without even knowing it*.
It is a question about the limits of knowledge. In our universe we can't see the potential collateral damage from listing a shared host, so we should not do it. From our point of view it's not knowable. Sure the hosting company knows whether that's the case, but we can't.
I'd encourage people with questions like this to read up or take some classes on epistemology or the theory of knowledge. Or just contemplate the possibilities harder... ;-)
LOL, I love our conversations ;)
Well when I said filthy, I meant down right Christina Aguleira raunchy spammers! The drippiest of rotten stinking spammers. Basically those hosted by spam friendly hosts. This is a step I was sure you would not want to do, but I can think of a ton on the SPAM-L list who would jump at the chance. Makes ISPs become more responsible.
However this is just theory discussion anyway...or is it :p
--Chris
-
Chris Santerre