[SURBL-Discuss] general questions.....

Chris Santerre csanterre at MerchantsOverseas.com
Fri Nov 19 15:39:31 CET 2004



>-----Original Message-----
>From: Jeff Chan [mailto:jeffc at surbl.org]
>Sent: Friday, November 19, 2004 5:38 AM
>To: SURBL Discuss
>Subject: Re: [SURBL-Discuss] general questions.....
>
>
>On Thursday, November 18, 2004, 12:13:26 PM, Chris Santerre wrote:
>> About 15% of the spams I get are not in SURBL, but are by 
>the time I try to
>> add :) 
>
>Ask Terry Sullivan sometime what the theoretical maximum
>detection rate of a collective spam classification system might
>be.  He had some research showing it maxes out at around 85%.
>So we're probably already pretty close to the theoretical
>limits of this type of system.

Me thinks I need to google for more data on this :)

>
>> I have not done any study of domains that continue to try to 
>spam despite
>> being in SURBL. Any numbers on these? Possibly the 
>most/longest hit domain
>> in SURBL lookups?? 
>
>> SHould we post the top 25 lookups to SURBL?
>
>You mean like:
>
>  http://www.surbl.org/dns-queries.blocklist.counts.txt
>

Perfect! This is what I mean, block port 80 (or all ports for that matter)
for 

Hits	Domain
1875	imgehost.com

Hosted by Electric Lightwave, eli.net. 

Domain List matching dns_a of 67.50.118.130
48 total matches

    * 1: 123onlinecash.com
    * 2: 500fastcash.com
    * 3: absoluteroi.com
    * 4: americash-online.com
    * 5: azooimages.com
    * 6: camasterd.com
    * 7: cashadvancenow.com
    * 8: cashbackvalues.com
    * 9: cashbuzz.com
    * 10: cbvmasterd.com
    * 11: costamasterd.com
    * 12: cvcmasterd.com
    * 13: d1masterd.com
    * 14: dabogus.com
    * 15: directdepositcash.com
    * 16: efastcashloans.com
    * 17: egcmasterd.com
    * 18: epointmasterd.com
    * 19: equity1auto.com
    * 20: equityoneauto.com
    * 21: ezcash-online.com
    * 22: fast-funds-online.com
    * 23: fastcashandgas.com
    * 24: fastcashusa.com
    * 25: financialhosting.com
    * 26: hostimages.net
    * 27: imagedataserver.com
    * 28: imagesbyaz.com
    * 29: imgehost.com
    * 30: imgserver.net
    * 31: inamasterd.com
    * 32: lighteningcash.com
    * 33: mbcashmasterd.com
    * 34: mycash-online.com
    * 35: myonlinepayday.com
    * 36: oledirect.com
    * 37: oledirect2.com
    * 38: oneclickcash.com
    * 39: paydaycity.com
    * 40: pclmasterd.com
    * 41: ptymasterd.com
    * 42: sellingsource.com
    * 43: smartshopperonline.com
    * 44: steaksofstlouis.com
    * 45: tpmasterd.com
    * 46: webfastcash.com
    * 47: xenlog.com
    * 48: yourfastcash.com

By blocking port 80 (or all) at the firewall for this IP address, you don't
have to worry about them getting new domain names. Only the worst cases
should be blocked. If you have 48 spam domains on one host, you suck as an
ISP :) I seriously would like to hear the ISP's argument for being unblocked
on this one. 

--Chris


More information about the Discuss mailing list