[SURBL-Discuss] proxypots

Justin Mason jm at jmason.org
Wed Jun 16 13:35:00 CEST 2004

Hash: SHA1

Jeff Chan writes:
> I was going to propose taking the top Nth percentile of reports,
> hopefully from a large base of pots, but a large poisoner could
> break into that too.

hmm.  probably helpful, as long as they generate random URLs for
every mail.

> Another approach, which Outblaze apparently applies to their
> domains to block on is to only list domains that have been
> registered within the last 90 days.  The principle is that the
> newness is a good partial predictor of spammyness and that
> could have some value.

yes, that would probably help...

> All of the above may not be enough to obtain good results
> automatically, mainly due to the poisoning problem you
> mention.
> > Its 'just' a extra source, ... on mu pot i found a couple domains that 
> > were indeed spammer domains but not listed yet. It involves some manual 
> > action but i think its nice additions.
> Hand-checking could make it feasible.

definitely, that's the key.  Even checking the URLs (dump the text
with "lynx -dump" for example) would probably help.

- --j.
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS


More information about the Discuss mailing list