[SURBL-Discuss] Please test: ob.surbl.org - Outblaze spamvertised sites

Jeff Chan jeffc at surbl.org
Wed Jun 16 03:17:17 CEST 2004


Please start testing:

  ob.surbl.org

on your low-volume mail servers.  Currently it's hosted only
on a few name servers, so please don't put it into production
on any high volume mail servers yet.

We are particularly interested in hearing your False Positive
rates. 

If the testing is successful we will ask the rest of our name
servers to carry it, document it, announce it, etc.

This list has about 40k domains on it.  We are still looking for ways
to prune it down, for example by expiring domains that no longer
resolve.   If someone had a reliable master list of expired
domains, that could be very helpful.

The data for this list is kindly supplied by Outblaze, and they
use it internally for blocking spams.  Here is how Yusuf
Goolamabbas describes the data sources: 
__

We gather the domains 4 different ways:

1) spam complaints that have been handled by a human 
(postmaster/abuse/support people who actually see the spam).

For the next 3, "new" is defined as: Whois reports the domain as newly 
registered (registered within last 90 days)

2) crawling thru our undeliverable outbound queues.  When we get spam from 
a domain (mailFrom), some bounces are generated.  These bounces are handled 
by a central queue.  That central queue is looked at every 60 minutes to 
see where emails are bound to.  If the domain they are bound to is "new" - 
the domain is blocked.

3) spamtrap body analysis: We have an extensive set of spamtraps.  The
emails to these accounts are analysed and URLs are extracted. For any
domain found in these emails, we check for "new" and if so, it's blocked.

4) spam complaint body analysis: Similar to spamcop/yahoo/AOL, we have a
feature that allows our users to complain about individual emails "This is 
spam".  All these complaints are analysed and URLs extracted from
bodies.  If any of these are "new", they are automatically blocked.

We currently do not have a whitelist as we have never needed it.  Several 
things prevent the need for a whitelist:
a) humans that are allowed to do the blocks know what they are doing :-)
b) machines that are doing the blocks will only block based on "new"
c) machines cannot block any domain that was previously blocked and then 
unblocked by a human.

We do not currently remove/expire domains automatically although it's under 
consideration.

Removal procedure is by contacting postmaster at outblaze.com
__

We are working with Outblaze to not include some of the domains
that are less appropriate for SURBLs, but so far the data looks
like it could be quite useful.  Please give it a try and let us
know what you find.

Thanks,

Jeff C.
-- 
Jeff Chan
mailto:jeffc at surbl.org
http://www.surbl.org/
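
The automated rule in sources 3 and 4 of the quoted description, together with rule (c), can be sketched as follows. This is an added example, not Outblaze or SURBL code: the WHOIS dates, the human-unblocked set and all domain names are constructed, and taking the last two labels as the registered domain is a simplifying assumption.

```python
import re
from datetime import date, timedelta
from urllib.parse import urlsplit

NEW_WINDOW = timedelta(days=90)   # "new": registered within the last 90 days
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def registered_domain(host):
    # Simplification (assumption): last two labels. A real deployment needs
    # a public-suffix list to handle names such as example.co.uk.
    return ".".join(host.rstrip(".").lower().split(".")[-2:])

def extract_domains(body):
    """Registered domains of every http(s) URL found in a message body."""
    domains = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed URL, e.g. a broken IPv6 literal
            continue
        if host:
            domains.add(registered_domain(host))
    return domains

def is_new(created, today):
    """True only when WHOIS gave a creation date inside the 90-day window."""
    return created is not None and timedelta(0) <= today - created <= NEW_WINDOW

def auto_block(body, whois_created, human_unblocked, today):
    """Domains a machine may block from one spamtrap or complaint body."""
    return {d for d in extract_domains(body)
            if d not in human_unblocked          # rule (c): humans override
            and is_new(whois_created.get(d), today)}

# Constructed sample data (not from the original post).
TODAY = date(2004, 6, 16)
WHOIS_CREATED = {"newpills.example": date(2004, 5, 1),
                 "oldshop.example": date(2001, 1, 1),
                 "relisted.example": date(2004, 6, 1)}
HUMAN_UNBLOCKED = {"relisted.example"}
SAMPLE_BODY = ("Buy now http://www.newpills.example/order?id=7 or "
               "https://oldshop.example/ and http://img.relisted.example/x.gif "
               "plus http://unknown.example/")

if __name__ == "__main__":
    print(sorted(auto_block(SAMPLE_BODY, WHOIS_CREATED, HUMAN_UNBLOCKED, TODAY)))
```

A domain with no WHOIS creation date is left alone here, since the description blocks only when Whois reports the domain as newly registered.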