[SURBL-Discuss] general questions.....

Jeff Chan jeffc at surbl.org
Fri Nov 19 11:38:20 CET 2004


On Thursday, November 18, 2004, 12:13:26 PM, Chris Santerre wrote:
> About 15% of the spams I get are not in SURBL, but are by the time I try to
> add :) 

Ask Terry Sullivan sometime what the theoretical maximum
detection rate of a collective spam classification system might
be.  He had some research showing it maxes out at around 85%.
So we're probably already pretty close to the theoretical
limits of this type of system.

> I have not done any study of domains that continue to try to spam despite
> being in SURBL. Any numbers on these? Possibly the most/longest hit domain
> in SURBL lookups?? 

> SHould we post the top 25 lookups to SURBL?

You mean like:

  http://www.surbl.org/dns-queries.blocklist.counts.txt

This sample of blocklist hits of SURBL list DNS queries ranked by
number of hits? 

Or the overall DNS queries:

  http://www.surbl.org/dns-queries.counts.txt

including blocklist, whitelist, and unmatched hits, etc.

  http://www.surbl.org/links.html

> This way people can look at
> maybe denying these by IP at firewall?

If you're talking about sender IPs, zombies would defeat that.
Or do you mean having the firewall parse the email messages and
do a name resolution on the URI domains?

Jeff C.
--
"If it appears in hams, then don't list it."



More information about the Discuss mailing list