[SURBL-Discuss] SBL with message body URIs

Patrik Nilsson patrik at patrik.com
Mon Jul 19 00:36:21 CEST 2004

At 22:14 2004-07-18 +0200, Raymond Dijkxhoorn wrote:
> > I picked the 10 most recently reported domains to the SC blocklist and
> > manually checked what dns servers they used, and if the IPs for those dns
> > servers where already listed in SBL.
> > For 9 out of 10, they where.
> > Data included below.
>But those are also in SURBL, except one, but that one isnt active anymore.
>So for me, i would save the resolving and use SURBL for now :)

They are in SURBL now, but where they when the first spam run using those 
domains started?
I see a few spam (not many, but more than I would like...) getting under 
the SURBL radar daily, using new domains that are not reported/listed until 
a few hours later.
The point is that the IPs for the NS records had been listed in SBL for 
quite some time before the domains even showed up in spam.

Very fresh example:
Not listed in any SURBL list at the moment.
NS servers IPs listed in SBL since May 2nd.

>Its however a nice addon to what SURBL does, it goes 2 steps further, but 
>it also more
>expensive on busy servers to do many more lookups and resolving....

As the SBL catches the first run of the "new domain of the day" from 
certain domain morphing spammers that isn't caught by SURBLs, I can live 
with some extra dns lookups and potential time-outs.

But I agree, they are complementary.


More information about the Discuss mailing list