[SURBL-Discuss] Probable new data source: DNS queries hittingspamhaus lists

Steven Champeon schampeo at hesketh.com
Wed Nov 10 16:29:32 CET 2004


on Wed, Nov 10, 2004 at 08:25:43AM -0500, Rob McEwen wrote:
> CBL catches a LOT of spam... but it also periodically will list the
> mailserver for respected IPS where that ISP had one user who send out a
> bunch of spam and then CBL listed the IP address of that server.

IME, it's not so much spam as virus-infected machines. One reason I
continue to use CBL is that it keeps out 40% of the virus traffic I'd
see otherwise - that the infected machines are often used as spam
proxies is icing on the cake. And anything that encourages slacker
mail admins to /stop emitting or proxying viruses/ is a good thing in
my book. So I don't see what your problem is.

As for the issue of listing domains and IPs of known spammer domains;
I've been doing this (listing IPs of found spammer domains and checking
unknown domains against the IP blacklist) for several months and it's
worked pretty well. In a nutshell, the spammers change IPs more slowly
than they change domains. It's a useful check. But you have to be
careful to expire those IPs from time to time, as they're subsequently
reassigned (whether to other spammers or to legit businesses).

-- 
join us!   http://hesketh.com/about/careers/web_designer.html       join us! 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!


More information about the Discuss mailing list