[SURBL-Discuss] SURBL and listing abuse address

Jeff Chan jeffc at surbl.org
Tue Dec 21 08:41:32 CET 2004

On Monday, December 20, 2004, 12:42:26 PM, Nick Askew wrote:
> Yes I suppose if you simply perform a whois on the IP address of the
> site you will end up with some spammer that does not care if you post to
> abuse or postmster. However I would think that most spam domains are
> purchased off other ISP's so after a while perhaps it would be possible
> to change the listed address to that of the ISP's ISP and so on until
> someone takes notice.

Which is almost exactly what SpamCop does.  (SpamCop tracks
and reports both sender IPs and the Spamvertised web sites.)
I recommend that everyone reports to SpamCop the spam that
gets through their filters.  Those reports are used to create
RBLs and SURBLs like sc.surbl.org and ab.surbl.org.

> I'm sure that actually fetching the content of the site would work to
> deter people from sending out their URL as spam but it would lead to a
> new problem. Every machine in the world using SURBL (and let's face it
> that should be everyone, it works so well) could be used for a DoS
> attack just by sending an email (OK the domain would need to be in

Yes, and the same applies to sending outbound mail (such as
to an abuse address) in response to a spam.  Any outbound
network traffic responding to spam is potentially dangerous
to your network and those of innocent bystanders.  It's not
a good idea.

Jeff C.
"If it appears in hams, then don't list it."

More information about the Discuss mailing list