[SURBL-Discuss] BigEvil + MidEvil as SURBL

Jeff Chan jeffc at surbl.org
Thu Apr 22 16:15:37 CEST 2004


On Thursday, April 22, 2004, 9:01:19 AM, Chris Santerre wrote:
>> From: John Wilcock [mailto:john at tradoc.fr]

>> Perhaps the ideal would be if the script that converts bigevil to rbl
>> form could also generate a separate "wildevil" cf file containing only
>> the wildcard entries from bigevil, so that people can have the best of
>> both worlds...
>> 
>> John.

> Hold off on the wildcard idea for now. Let me figure out with the other guys
> what we are doing. A few ideas in the mix. But I would let wildcards stay as
> a regex file. It is crazy to try to lookup things like
> /\dmeds\d{2,6}\.(?:com|net|biz)/  , that would take a looong time to do just
> that one!

My *strongly* preferred solution to the remaining 2% wildcarded
domains would be to produce the non-wildcarded versions of
domains that had actually occurred in spams.

I.e. if the current (discarded due to wildcarding) rule is

  /\dmeds\d{2,6}\.(?:com|net|biz)/

but the actual domain(s) that triggered the rule are

  dmedsdd.com
  dmedsddd.net
  dmedsddddd.biz
  ...

then just get me the ones that actually occur.  We can
always add more later...  Yes, it does mean a longer list.

People are really fixated on this small number of discarded
rules, but of course there are solutions.

Jeff C.
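
Added example, not part of the original post and not SURBL's own tooling: one way to reduce a wildcard rule to the concrete domains that actually occurred, as the message above proposes. The URIs are constructed samples, and `compile_rule` and `observed_domains` are hypothetical helper names.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# The wildcard rule quoted in the post, with the /.../ delimiters stripped.
WILDCARD_RULES = [r"\dmeds\d{2,6}\.(?:com|net|biz)"]

# Constructed sample URIs standing in for links harvested from spam bodies.
SPAM_URIS = [
    "http://www.1meds22.com/order?id=5",
    "http://7meds4821.net/",
    "HTTP://7MEDS4821.NET/x",               # same domain, different case
    "http://3meds1.com/",                   # one trailing digit: rule needs 2-6
    "http://cheap.9meds123456.biz:8080/p",  # subdomain and port
    "http://1meds22.com.example.org/",      # lookalike under another domain
    "http://example.org/",
]

def compile_rule(rule):
    # The body rule is unanchored. Pin it to the end of the hostname and widen
    # it to the whole label, so the capture is a complete domain name and a
    # host like 1meds22.com.example.org is not counted.
    return re.compile(r"(?:^|\.)([^.]*" + rule + r")$")

def observed_domains(rules, uris):
    """Return a Counter of concrete domains matching any wildcard rule."""
    compiled = [compile_rule(r) for r in rules]
    hits = Counter()
    for uri in uris:
        try:
            host = urlsplit(uri).hostname  # lowercased, port/userinfo removed
        except ValueError:
            continue  # malformed URI
        if not host:
            continue
        host = host.rstrip(".")
        for rx in compiled:
            m = rx.search(host)
            if m:
                hits[m.group(1)] += 1
                break
    return hits

if __name__ == "__main__":
    found = observed_domains(WILDCARD_RULES, SPAM_URIS)
    for domain, count in sorted(found.items()):
        print(f"{domain}\t{count}")
```

The output is an exact-match list, so each entry can be answered by a plain name lookup, and new variants are added only when they show up in later spam.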