[SURBL-Discuss] SBL with message body URIs
Patrik Nilsson
patrik at patrik.com
Mon Jul 19 00:36:21 CEST 2004
At 22:14 2004-07-18 +0200, Raymond Dijkxhoorn wrote:
> > I picked the 10 most recently reported domains to the SC blocklist and
> > manually checked what dns servers they used, and if the IPs for those dns
> > servers where already listed in SBL.
> > For 9 out of 10, they where.
> > Data included below.
>
>But those are also in SURBL, except one, but that one isnt active anymore.
>So for me, i would save the resolving and use SURBL for now :)
They are in SURBL now, but where they when the first spam run using those
domains started?
I see a few spam (not many, but more than I would like...) getting under
the SURBL radar daily, using new domains that are not reported/listed until
a few hours later.
The point is that the IPs for the NS records had been listed in SBL for
quite some time before the domains even showed up in spam.
Very fresh example:
instantbodyhealer.com
Not listed in any SURBL list at the moment.
NS servers IPs listed in SBL since May 2nd.
>Its however a nice addon to what SURBL does, it goes 2 steps further, but
>it also more
>expensive on busy servers to do many more lookups and resolving....
As the SBL catches the first run of the "new domain of the day" from
certain domain morphing spammers that isn't caught by SURBLs, I can live
with some extra dns lookups and potential time-outs.
But I agree, they are complementary.
Patrik
More information about the Discuss
mailing list