[SURBL-Discuss] URIBL with "spam sigs" proposal

Yves Junqueira yves.junqueira at gmail.com
Thu Oct 7 18:20:22 CEST 2004


Hi,

In some cases, it would be interesting to provide an alternative zone,
with a "spam signature info", for domains that could also be used for
legitimate purposes. This zone would feature a special TXT part with a
regexp or some encoded string that will be used by checking clients to
test the message.

A fake example:

buyziagra.com

TXT: listed in re.surbl.org (etc...) #click here.*buy [zvj]iagra#

The text between #'s will be used as an regexp that, if matched
against the text in slurp mode (whole buffer checked instead of
line-by-line), will make the tool return that that e-mail is Spam.

I can adapt my suriproxy to do that very easily. (Btw, there is a new
test version of suriproxy avaliable with domain whitelisting and a
better uri matching algorithm at
http://sourceforge.net/projects/pf-aux. Any new feedback would be
appreciated)

The format I used is just an illustration. It would be ideal to
develop or find a simpler "text matching" format then regexp, and yet
more powerful, to accept different character coding.

The idea of this "URIBL with spam sigs" is to avoid FP's and,
specially, to let us list domains in a less restrictive policy. Even
if a domain could used for legimate purposes, it could be added to
this special zone. I do agree with the current policy used here, but I
have several spam arriving everyday, specially from Brazilian domains,
that, if the policy is respected, could not get into the list. Yet we
need to find a solution for that, and this is my suggestion.

This new feature would, then, take two different collaborative
anti-spam solutions types - URIBL and on line content checks (Razor,
DCC, etc) in a very efficient way and using existing infra-structure,
that is, DNS servers.

The odds are it would be a bit more difficult to maintain and spam
gangs can change the text all the time. Even then, I believe this
could be interesting. Do you think this is worth trying?

sorry for my bad english,
Yves
-- 
Yves Junqueira
http://www.lynx.com.br


More information about the Discuss mailing list