[SURBL-Discuss] SURBL and listing abuse address

Jeff Chan jeffc at surbl.org
Tue Dec 21 08:41:32 CET 2004


On Monday, December 20, 2004, 12:42:26 PM, Nick Askew wrote:
> Yes I suppose if you simply perform a whois on the IP address of the
> site you will end up with some spammer that does not care if you post to
> abuse or postmaster. However I would think that most spam domains are
> purchased off other ISPs so after a while perhaps it would be possible
> to change the listed address to that of the ISP's ISP and so on until
> someone takes notice.

Which is almost exactly what SpamCop does.  (SpamCop tracks
and reports both sender IPs and the Spamvertised web sites.)
I recommend that everyone reports to SpamCop the spam that
gets through their filters.  Those reports are used to create
RBLs and SURBLs like sc.surbl.org and ab.surbl.org.

> I'm sure that actually fetching the content of the site would work to
> deter people from sending out their URL as spam but it would lead to a
> new problem. Every machine in the world using SURBL (and let's face it
> that should be everyone, it works so well) could be used for a DoS
> attack just by sending an email (OK the domain would need to be in
> SURBL).

Yes, and the same applies to sending outbound mail (such as
to an abuse address) in response to a spam.  Any outbound
network traffic responding to spam is potentially dangerous
to your network and those of innocent bystanders.  It's not
a good idea.

Jeff C.
--
"If it appears in hams, then don't list it."


