[SURBL-Discuss] RE: Applying SURBL against blog comment spamm ers

Chris Santerre csanterre at merchantsoverseas.com
Fri Sep 3 12:15:50 CEST 2004



>-----Original Message-----
>From: Jeff Chan [mailto:jeffc at surbl.org]
>Sent: Thursday, September 02, 2004 9:23 PM
>To: 'SURBL Discussion list'
>Subject: Re: [SURBL-Discuss] RE: Applying SURBL against blog comment
>spammers
>
>
>On Thursday, September 2, 2004, 7:28:16 AM, Rob McEwen wrote:
>(Jeff Chan wrote:)
>>>Given the lack of commonality, it may not make much sense to
>>>add to the mail spam lists, since it would be an extra 2000+
>>>records that would probably not get hits on mail.
>
>>>The MT-Blacklist doesn't seem to update too frequently (the
>>>last new record was from 8/29) and has about 2000 records.
>>>Matthew's list was pretty sparse so far.  So I'm still
>>>pondering things.
>
>> I could be totally wrong... but I suspect that the lack of 
>commonality may
>> be more due to either the MT-blacklist not being updated as 
>frequently or
>> because the MT-blacklist may not be updated as extensively.
>
>> A good test may be to "Google" some more frequently found 
>SURBL-blocked
>> domains which are not on the MT-blacklist along with the 
>phrase "moveable
>> type" ...you might find a lot of blog-comment spam which 
>should have been on
>> the MT-blacklist and is already in SURBL.
>
>Hmm, interesting.  Other comments also seem to suggest that the
>blog spammers are sometimes the same as mail spammers.  So maybe
>there should be more overlap, but additions to MT-blacklist are
>slower than SURBLs.
>
>On the other hand, our databases are pretty far reaching and
>should have hit on even older blog spam domains, yet they
>largely didn't.
>
>The quick and easy answer, which may be wrong, is that they're
>different folks, or at least different domains.
>
>Jeff C.
>

Oh please don't think that just yet!! Seriously. I'm working with some
ninjas and the 6dos data and a new tool to let you look up this info! So far
it ROCKS beyond belief! But more coming, and trying to keep data source
anonymous of course. Also trying to tie in some other tools that other SURBL
submitters have been asking for. 

Bottom line is that these guys ARE the same people. Data shows it. 

ON the blog spam pointing to other blog spams, well I would LART the
submitter who didn't hand check that! Just like the ones that try to submit
ebay and junk! I follow up all of those, and would see it points to another
blog. Then I'd follow that until I had a KNOWN spam domain to add. If I
didn't have enough proof, I wouldn't list.

I have a "Not added" folder that grows everyday because of this. :)

--Chris (Way too many projects going on!!)


More information about the Discuss mailing list