[SURBL-Discuss] SURBL and listing abuse address

Chris Santerre csanterre at MerchantsOverseas.com
Mon Dec 20 21:55:37 CET 2004



>-----Original Message-----
>From: Nick Askew [mailto:Nick at Askew.nl]
>Sent: Monday, December 20, 2004 3:42 PM
>To: 'SURBL Discussion list'
>Subject: RE: [SURBL-Discuss] SURBL and listing abuse address
>
>
>> > I'm relatively new to all this so please forgive me if this 
>> has been 
>> > suggested before or indeed if it is simply possible with 
>other mail 
>> > servers. It occurs to me that we could list the various abuse 
>> > addresses of the ISP hosting the black listed site and this 
>> could be 
>> > returned when a match is found. If the server software 
>then bounced 
>> > the mail not to the sender but to the abuse address we 
>> would seriously 
>> > start to affect these ISP's.
>> 
>> Most of these domains either dont have abuse addresses, nor 
>> care about any abuse email that rolls their way (the're just 
>> dummy domains who only exist for a month to spam, then die).. 
>> What you are suggesting is going to result in my server 
>> queueing the message (rather than just returning a 5xx half 
>> way through the SMTP conversation) and sending it to a 
>> (probably bogus) abuse address, which will bounce..
>> 
>Yes I suppose if you simply perform a whois on the IP address of the
>site you will end up with some spammer that does not care if 
>you post to
>abuse or postmster. However I would think that most spam domains are
>purchased off other ISP's so after a while perhaps it would be possible
>to change the listed address to that of the ISP's ISP and so on until
>someone takes notice.
>
>I'm sure that actually fetching the content of the site would work to
>deter people from sending out their URL as spam but it would lead to a
>new problem. Every machine in the world using SURBL (and let's face it
>that should be everyone, it works so well) could be used for a DoS
>attack just by sending an email (OK the domain would need to be in
>SURBL).

Discussing ideas is always good :)

A quicker method instead of looking at the spamvertised site, is to look at
the whois info for the spam domain. Something being worked on now. 

All SURBL entries are manually added by a human. Well, some guys ride the
border of 'human'. We'll just say biped. :-) 

--Chris 


More information about the Discuss mailing list