In WS I have whitelisted the following thanks to responses from Steve C, and Suresh. Jeff do you want to globally WL these?
123mail.org 150mail.com 150ml.com 16mail.com 2-mail.com 4email.net 50mail.com bestmail.us cluemail.com coolestmail.com elitemail.org emailcorner.net emailgroups.net emailplus.org emailuser.net fast-email.com fast-mail.org fastemail.us fastemailer.com fastmail.cn fastmail.us fastmailbox.net fastmessaging.com fmailbox.com fmgirl.com fmguy.com hailmail.net imap-mail.com imapmail.org internet-e-mail.com internet-mail.org internetemails.net internetmailing.net jetemail.net letterboxes.org mail-central.com mail-page.com mailas.com mailbolt.com mailc.net mailhaven.com mailingaddress.org mailite.com mailmight.com mailnew.com mailsent.net mailworks.org messagingengine.com myfastmail.com nospammail.net ownmail.net postinbox.com proinbox.com promessage.com reallyfast.biz reallyfast.info rushpost.com speedpost.net speedymail.org ssl-mail.com swift-mail.com the-fastest.net the-quickest.com theinternetemail.com veryfast.biz warpmail.net xsmail.com yepmail.net your-mail.com
Chris Santerre System Admin and SARE Ninja http://www.rulesemporium.com http://www.surbl.org 'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.' Charles Darwin
on Wed, Oct 20, 2004 at 03:05:43PM -0400, Chris Santerre wrote:
In WS I have whitelisted the following thanks to responses from Steve C, and Suresh. Jeff do you want to globally WL these?
Just occured to me - fastmail.fm is a mail host; so I checked to see if they also offer Web hosting. They do.
http://www.fastmail.fm/docs/faqparts/FileDomain.htm#FileDomainOverview
So, good call sticking these domains into the exclude list.
On Wednesday, October 20, 2004, 12:05:43 PM, Chris Santerre wrote:
In WS I have whitelisted the following thanks to responses from Steve C, and Suresh. Jeff do you want to globally WL these?
123mail.org 150mail.com 150ml.com
[...]
Thanks much!
Yes, if they are good enough to whitelist out of the individual lists then we should whitelist them over all lists. I've added them to the master whitelist.
I also added fastmail.fm; hope that's correct.
Can you describe where these came from? Are they all from WS or also from OB; due to DMOZ hits or other?
Jeff C. -- "If it appears in hams, then don't list it."
I'm glad we're continuing to make progress here with whitelisting FPs.
BTW... since it seems like many of these are hosting companies who do not "police" their customers for spam as well as they ought to... this brings up a question...
I know that SURBL is intended for domains and IP addresses. Therefore, NOT listing a domain probably allows some of that domain's subdomains and subwebs to go crazy with their spam sending.
Therefore, recognizing that it is not SURBL's job to catch these, does anyone know of a constantly updated "clearing house" list (not DNSBL) of such subdomains and subwebs?
(...I know that Joe keeps a lot of good stuff like this on his site...)
Also, in case my terminology is not quite technically accurate... this is what I meant:
subdomains = subdomain.thatdomain.com subwebs = thatdomain.com/subweb
Rob McEwen
on Wed, Oct 20, 2004 at 03:46:53PM -0400, Rob McEwen wrote:
Also, in case my terminology is not quite technically accurate... this is what I meant:
subdomains = subdomain.thatdomain.com
This is one of those idiot-proof Web hosting naming conventions that I wish would just die. 'subdomain.thatdomain.com' is a /hostname/. It's not a subdomain unless there are hosts /in/ that subdomain, a la
mail.subd.foo.com <-> - top level domain <-> - second level domain (or subdomain b/c auth delegated for hosts) <-----> - domain <--> <----------> \ -- subdomain (b/c auth delegated for hosts in the zone) -- host
Of course, I may be talking through my hat. But that's my reading of RFC 882. (e.g., a domain is defined by the subdomains it defines, usually in terms of the DNS zones that exist for that sub/domain).
subwebs = thatdomain.com/subweb
Why not just call them URL paths? We used to refer to these as "subsites" back in the day, but technically they're just URL paths in this context as there's no sense of their being components with multiple pages under them or anything.
That is precisely why I did say, "in case my terminology is not quite technically accurate"... I had a feeling it wasn't!!!
But I'm not so sure I'm unconfused yet by Stephen's explanation... perhaps I'm now **less** confused :) But thanks, Stephen, I do need all the help I can get!
Still... back to my original question, does anyone know of a "clearinghouse" list of such abuser's who, by definition, will never get explicitly listed in SURBL?
Rob McEwen
on Wed, Oct 20, 2004 at 04:30:54PM -0400, Rob McEwen wrote:
That is precisely why I did say, "in case my terminology is not quite technically accurate"... I had a feeling it wasn't!!!
But I'm not so sure I'm unconfused yet by Stephen's explanation... perhaps I'm now **less** confused :) But thanks, Stephen, I do need all the help I can get!
No ph. Just a v. :)
It's all a matter of how the records are defined.
example.com has a single DNS zone. All A records defined in that zone are hosts, plain and simple.
example.net has two DNS zones: foo.example.net and bar.example.net. Records defined in the foo zone (e.g., www.foo.example.net) are hosts in the foo subdomain. Records defined in the bar zone (e.g., mail.bar.example.net) are in the bar subdomain.
Nevertheless, I can define 'www.foo' in 'example.com' and it's just a host, albeit a host with a name containing a period.
In a nutshell: if there are further hosts defined in the zone, and the responsibility for managing those hosts is distinct from the authoritative source for info about the domain, it's a subdomain.
Anyway. The problem is that most of the Web hosting control panels that expose the ability to define 'A' records call them "subdomains", which is simply incorrect.
Still... back to my original question, does anyone know of a "clearinghouse" list of such abuser's who, by definition, will never get explicitly listed in SURBL?
Nope. Sorry. It'd be nice to have, though.
On Wednesday, October 20, 2004, 1:06:58 PM, Steven Champeon wrote:
'subdomain.thatdomain.com' is a /hostname/. It's not a subdomain unless there are hosts /in/ that subdomain, a la
mail.subd.foo.com <-> - top level domain <-> - second level domain (or subdomain b/c auth delegated for hosts) <-----> - domain <--> <----------> \ -- subdomain (b/c auth delegated for hosts in the zone) -- host
Of course, I may be talking through my hat. But that's my reading of RFC 882. (e.g., a domain is defined by the subdomains it defines, usually in terms of the DNS zones that exist for that sub/domain).
subwebs = thatdomain.com/subweb
Why not just call them URL paths? We used to refer to these as "subsites" back in the day, but technically they're just URL paths in this context as there's no sense of their being components with multiple pages under them or anything.
An entire URI can be thought of as a path in that it describes a location through the Internet, services and server(s). The right hand side stuff with slashes can also be thought of as a path within a given web site.
A subdomain is something that's delegated to another zone. A zone is "an autonomously administered piece of the namespace" like an Autonomous System Number (ASN) is an autonomously administered network within the BGP routing space. Both can have distinctly different administration policies within their space.
A host is a name within the same zone. It can be thought of as a leaf or destination in the DNS hierarchy. A subdomain can be thought of as a node or branch or folder containing other subdomains or hosts. In a filesystem analogy, domains and subdomains are like directories or folders and hosts are like files.
So:
foo.bar.baz.com
can be be either a host in a subdomain, or a subdomain of a subdomain, depending on the zone delegations. It's impossible to tell which is the case externally if only looking at the fully qualified domain name (all four names above), as the "foo" could define either a host or a subdomain. And a subdomain can respond as a web site the same as a host-terminated name can. Some careful poking and prodding of the zone data can reveal the underlying structure, but that's way more than the average user can do. Usually only hostmasters and folks who administer DNS use the terms correctly or can reverse engineer someone else's domains, so it's probably not too useful to try to define subdomains versus hosts for the general public.
Jeff C. -- "If it appears in hams, then don't list it."
On Wednesday, October 20, 2004, 12:46:53 PM, Rob McEwen wrote:
BTW... since it seems like many of these are hosting companies who do not "police" their customers for spam as well as they ought to... this brings up a question...
I know that SURBL is intended for domains and IP addresses. Therefore, NOT listing a domain probably allows some of that domain's subdomains and subwebs to go crazy with their spam sending.
I somewhat disagree with that premise. There's a disincentive for shared hosting companies to allow their services to be abused since it adds to their traffic and support costs and gains them little. Abuses at legitimate providers tends to be a money loser. On the other hand if they ignore abuse complaints they can save on immediate support costs.
But hard core spammers would do a lot of damage to a shared legitimate host, in terms of traffic, support, and damaged reputation which is why pill/mortgage/warez spammers usually seem to be on their own domains and often on their own servers. And they host at spam friendly or tolerant ISPs in places like China, Korea and Brazil.
subwebs = thatdomain.com/subweb
I would call those paths. Anything on the right hand side of the domain is a path, directory or folder depending on the local vocabulary.
Jeff C. -- "If it appears in hams, then don't list it."
Jeff said:
I somewhat disagree with that premise. There's a disincentive for shared hosting companies to allow their services to be abused since it adds to their traffic and support costs and gains them little. Abuses at legitimate providers tends to be a money loser. On the other hand if they ignore abuse complaints they can save on immediate support costs.
Good point. I think that this certainly causes this problem to be "minimized". But, I still see a "niche" area where spamming "paths" pop up quickly and where some of these are not taken down in a timely manner.
For example, there was one spammer from a large hosting company in Spain (terra.es) who sent spam for **months** before finally being shut down. It was easy for me to manually blacklist them... but I wonder how many others are like this one who use the same URL long enough to warrant being added to **some** kind of list, but who are not so obnoxiously proliferate so as to catch my individual attention.
Rob McEwen
On Wednesday, October 20, 2004, 1:51:37 PM, Rob McEwen wrote:
For example, there was one spammer from a large hosting company in Spain (terra.es) who sent spam for **months** before finally being shut down. It was easy for me to manually blacklist them... but I wonder how many others are like this one who use the same URL long enough to warrant being added to **some** kind of list, but who are not so obnoxiously proliferate so as to catch my individual attention.
How much mail volume were they doing? If it's not millions per hour or even millions per day, it's probably not a significant problem in the bigger picture.
Jeff C. -- "If it appears in hams, then don't list it."
Jeff said:
How much mail volume were they doing? If it's not millions per hour or even millions per day, it's probably not a significant problem in the bigger picture.
I have no idea about that Terra site's overall spam volume (Internet-wide). I can only say that my server was getting over 100 spams per week from them for several months (with intermittent pauses).
...also...
I, personally, would get about 200+ total spams per day if I turned off all filtering on my server. (my e-mail address has been "out there" for years). With my current filtering, I get an average of 1 or 2 spams per day. (thanks in large part to SURBL!!!)
Interestingly, just by coincidence, I did in fact get one of these "path" or "subsite" type of e-mails spams from a Geocities site. I've e-mailed Geocities's abuse dept with the raw contents of the e-mail and a message about it being spam. I'll report back to see how quickly they take care of this one. (I expect GeoCities to do better than some of these other smaller and more marginal players would... so this is not a very typical test).
The contents of the spam are found here: http://www.pvsys.com/geocities.txt
The advertised web site is here: http://www.geocities.com/altosadickeandkom1816/el/
WARNING... this is definitely a pron spam... possibly Child Pron... can't tell for sure whether these girls are 18 yet... not that I spent a lot of time looking :) ...I was just curious whether or not the site was already shut down by the time I received this spam.
Again, this is a very anecdotal test... and a bit off-topic for SURBL... except that much of the whitelisting (which, BTW, I agree with) that we are currently doing with SURBL WILL cause more of this type of spam to "slip through".
Rob McEwen
On Wednesday, October 20, 2004, 4:49:39 PM, Rob McEwen wrote:
Interestingly, just by coincidence, I did in fact get one of these "path" or "subsite" type of e-mails spams from a Geocities site. I've e-mailed Geocities's abuse dept with the raw contents of the e-mail and a message about it being spam. I'll report back to see how quickly they take care of this one. (I expect GeoCities to do better than some of these other smaller and more marginal players would... so this is not a very typical test).
[...]
Again, this is a very anecdotal test... and a bit off-topic for SURBL... except that much of the whitelisting (which, BTW, I agree with) that we are currently doing with SURBL WILL cause more of this type of spam to "slip through".
Sure, but who is more likely to shut off this type of site: Yahoo or China Telecom? I know which one I would bet on. ;-)
Jeff C. -- "If it appears in hams, then don't list it."
-
Chris Santerre -
Jeff Chan -
Rob McEwen -
Steven Champeon