[SURBL-Discuss] Howdy

Jeff Chan jeffc at surbl.org
Sun Apr 11 09:57:37 CEST 2004


On Sunday, April 11, 2004, 8:51:10 AM, Raymond Dijkxhoorn wrote:
>> Update: I'm thinking of storing class C sized bins for the
>> tallies.  That's very quick and gets "nearness" automatically.
>> (In other words, any IPs in the same /24 could be counted
>> together initially.)  How does that sound?   Do I lose much
>> by that deliberate imprecision?  How much do the spammers move
>> IPs?  Would numerical nearness matter/help in detecting them?

> I personally like the way DSBL handles this, if a spammer moved we will 
> find out pretty quickly, if you list a /24 you will get in a lot of Ips 
> that have nothing to do with the blocks, most of the time. For example 
> spammers using a open proxy. 

Do they use open proxies for their web hosting?  Remember this
would only be the IP addresses of their URI domains, not their
mail sending.

The other thing that cuts down collateral damage is that the
IPs must resolve from message body URIs, which won't be too
common for FPs among the heaviest spammers.  OTOH, like you, I
like precision better also and don't like collateral damage
either.  Maybe full numbers is better than /24s.

Jeff C.
-- 
Jeff Chan
mailto:jeffc at surbl.org
http://www.surbl.org/



More information about the Discuss mailing list