[SURBL-Discuss] Probable new data source: DNS queries hittingspamhaus lists

Steven Champeon schampeo at hesketh.com
Wed Nov 10 16:29:32 CET 2004

on Wed, Nov 10, 2004 at 08:25:43AM -0500, Rob McEwen wrote:
> CBL catches a LOT of spam... but it also periodically will list the
> mailserver for respected IPS where that ISP had one user who send out a
> bunch of spam and then CBL listed the IP address of that server.

IME, it's not so much spam as virus-infected machines. One reason I
continue to use CBL is that it keeps out 40% of the virus traffic I'd
see otherwise - that the infected machines are often used as spam
proxies is icing on the cake. And anything that encourages slacker
mail admins to /stop emitting or proxying viruses/ is a good thing in
my book. So I don't see what your problem is.

As for the issue of listing domains and IPs of known spammer domains;
I've been doing this (listing IPs of found spammer domains and checking
unknown domains against the IP blacklist) for several months and it's
worked pretty well. In a nutshell, the spammers change IPs more slowly
than they change domains. It's a useful check. But you have to be
careful to expire those IPs from time to time, as they're subsequently
reassigned (whether to other spammers or to legit businesses).

join us!   http://hesketh.com/about/careers/web_designer.html       join us! 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!

More information about the Discuss mailing list