[SURBL-Discuss] Re: SURBL & BigEvil

Jeff Chan jeffc at surbl.org
Sun Oct 31 14:10:54 CET 2004

On Monday, April 12, 2004, 8:59:21 AM, Burnie Burnie wrote:
> Paul Barbeau <Paul at hypernet.ca> wrote:

>> There still might be a place for BigEvil in this new world of SURBL.  I find
>> there are a number of domain in BigEvil (and my own MidEvil) that are not
>> yet in the spam cop and therefore not in this service.  Because of this
>> there might still be a place for this type of list as you could call it more
>> cutting edge.

> Another issue to SURBL vs BigEvil:

> If the spammer uses redirectors for urls, AFAIK only BigEvil
> will match those. 
> SURBL will only check the hostname of the redirector.
> I.e. http://drs.yahoo.com/covey/parr/*http://spammer.address/ 

> Perhaps this (and tinyurl, etc.) is an issue to be discussed?

Here's a finer point to add the discussion.  SpamCop itself
does seem to disambiguate (most of) the redirection.  If
someone is using a redirector to send traffic to spamdomain.com,
SpamCop seems to detect and resolve if correctly to spamdomain.com
most of the time.  So the data that's used as input to sc.surbl.org
already has redirectors correctly handled to some extent.

The SA code using sc.surbl.org such as SpamCopURI and urirhdbl
may or may not be as capable of detecting and resolving the
redirections.  I can't really say for sure because I have
not reviewed that code.  My focus is on more the data side of
things.  Certainly it would be useful of the code handling
messages coming in from the wild were able to resolve
redirections fully, but I'm not sure that's currently the case.

This is why we do these projects openly: so other people can
add fixes, improve install scripts, add new features, etc.

> BTW: Currently my stats show that of all recognized spam
>      during the last ~85 hours (- 12919 spam)
> - 62.3% is in "sc.surbl.org"
> - 76.3% is in "sbl-xbl.spamhaus.org" (
> - 82.3% is in either/both of those
> -  2.4% were put "over the edge" because of those rules

> The last percentage is a bit low due to running bigevil,
> sa-blacklist.uri and quite a bunch of other rules.

Thanks for sharing the stats!  I hope to be able to increase
the spam detection rates significantly for sc.surbl.org when
I get back to coding.... ;-)

Jeff C.
Jeff Chan
mailto:jeffc at surbl.org-nospam

More information about the Discuss mailing list