[SURBL-Discuss] BigEvil + MidEvil as SURBL

Chris Santerre csanterre at merchantsoverseas.com
Wed Apr 21 10:30:05 CEST 2004 


> -----Original Message-----
> From: Jeff Chan [mailto:jeffc at surbl.org]
> Sent: Wednesday, April 21, 2004 7:47 AM
> To: SURBL Discussion list; Chris Santerre
> Subject: Re: [SURBL-Discuss] BigEvil + MidEvil as SURBL
> 
> 
> On Wednesday, April 21, 2004, 4:35:41 AM, Raymond Dijkxhoorn wrote:
> > Hi!
> 
> >> BigEvil is a fairly slowly moving list.  Paul Barbeau's MidEvil
> >> is quicker moving and gets new domains usually before Chris can
> >> get them into BE.  In that sense ME is a feeder of changes into
> >> BE.  Since they are closely related, I merged them into a single
> >> be.surbl.org.  I hope Chris and Paul agree that's appropriate.
> >> 
> >> What I'd like to know is what TTLs I should use on the BE data.
> >> Probably it depends on how often ME is typically updated.  So...
> >> how often does ME get updated Paul?  :-)
> >> 
> >> Also I'd like feedback on the TXT message.  I've got the
> >> placeholder:
> >> 
> >>   "Blocked in BigEvil. See: http://www.rulesemporium.com/"
> >> 
> >> but would like feedback on it.
> 
> > Do we get a different value on looking up? For example:
> 
> > 127.0.0.2 for BE and 127.0.0.3 for ME ? 
> 
> > We should start doing that also to get the combined list going.
> 
> Currently we will have them lumped together (i.e. it's
> all .2 without differentiation as to the source).  As I
> understand it that may be appropriate since ME is meant
> to be essentially updates to BE.  I think of them as the
> same list, especially since Chris eventually merges the
> ME (update) entries into BE.  I kind of short circuit that
> process by merging them for them before turning them into
> be.surbl.org.  Hopefully that's ok.
> 
> Lists with greater differences such as ws and sc probably
> should get different A or TXT records when we eventually
> combine them.
> 
> FWIW even if we offer a combined list, the individual
> ones will probably still be available, like SBL, XBL &
> SBL-XBL at spamhaus.
> 
> Jeff C.
> 
> P.S. Chris please sign up for the SURBL Discussion and
> Announce lists if you can:  http://lists.surbl.org/
> 

I already am ;)

Yeah, usually I update BigEvil a lot more often. I'm dealing with a lot of
projects now. Some are even work related ;) And then some are beta testing a
new game :-)  Paul and I are still working out how we can merge ME and BE
together without a lot of work. But I have no problems at all combining the
ME and BE together and letting Paul add just as much as me. He knows my
basic criteria for checking the domains. 

A few things off the top of my head. Sorry if they have been discussed, I
have a LOT of email to read :)

1) BigEvil wildcards. Not sure how you would handle these. Something like
evil\d{2,4}spam\.com is a general wildcard. Some of those domains don't even
exhist. Not sure how SURBL will handle that.

2) Where would I send updates? As single domains, or a txt list? How would I
remove an FP?

3) What is the quickest way to check a domain against the other SURBL lists?
Basically I see no reason to duplicate the listings. *gulp* and on a
Windowze machine? (Don't ask!)

4) Has there been any talk with the sendmail people? It would be interesting
to actually block at the MTA level based on an evil URL. I realise the
inherent dangers in this ;)

--Chris

More information about the Discuss mailing list