-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org]
Sent: Thursday, September 09, 2004 5:26 PM
To: Chris Santerre
Cc: SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail)
Subject: Re: Start an IP list to block?
On Thursday, September 9, 2004, 1:56:33 PM, Chris Santerre wrote:
OK, this isn't the first time we've had this discussion, but
Raymond and I
felt this should be made public again. He ran thru some
tests of 1500+
domains and found the following data. Looks like they maybe send from
zombies, and never their hosts. IPs are similar across the board.
So is there a way to use the IP info in a good way? Could SA
or SURBL do a
quick ping of the URL and match against a URL? This would
allow us to simply
list 1 IP instead of all these domains.
(I'm well aware of virtual hosts! So only the filthiest of
spammers would be
put on this IP list. Then their IP better boot them or
anyone hosted on that
box would feel the rath of SURBL.)
Yes, we've already discussed reasons why we're using only the
data actually found in spam URIs. The potential for collateral
damage in looking at resolved IPs is too high.
It would be very easy for a large hosting provider to have 1
bad guy sharing a web server with 100 or 1000 non-spammers.
Given that we can't see those other 100 or 1000, it would be
very easy for us to add that 1 IP address and block the
other 100 or 1000 *without even knowing it*.
It is a question about the limits of knowledge. In our
universe we can't see the potential collateral damage from
listing a shared host, so we should not do it. From our
point of view it's not knowable. Sure the hosting company
knows whether that's the case, but we can't.
I'd encourage people with questions like this to read up or
take some classes on epistemology or the theory of knowledge.
Or just contemplate the possibilities harder... ;-)
Well when I said filthy, I meant down right Christina Aguleira raunchy
spammers! The drippiest of rotten stinking spammers. Basically those hosted
by spam friendly hosts. This is a step I was sure you would not want to do,
but I can think of a ton on the SPAM-L list who would jump at the chance.
Makes ISPs become more responsible.
Chris Santerre