[SURBL-Discuss] Re: Need help checking FP list from Theo

Chris Santerre csanterre at merchantsoverseas.com
Wed Sep 8 17:09:04 CEST 2004



>-----Original Message-----
>From: Jeff Chan [mailto:jeffc at surbl.org]
>Sent: Tuesday, September 07, 2004 9:38 PM
>To: SURBL Discussion list
>Subject: Re: [SURBL-Discuss] Re: Need help checking FP list from Theo
>
>
>On Tuesday, September 7, 2004, 6:16:36 PM, Jeff Chan wrote:
>> On Tuesday, September 7, 2004, 5:40:47 PM, Joe Wein wrote:
>>> Chris Santerre wrote:
>>>> Domain List matching contacts_email of hostmaster at 1and1.com
>>>>
>>>>     * 1: 1-asian-sex.com
>>>>     * 2: 1and1.com
>>> ...
>>>>     * 48: uptimesoftware.com
>>>>     * 49: wonderfulldeals.com
>
>>> I think you're missing the point, Chris. The domain 
>1and1.com is unlikely to
>>> be listed in spam, let alone *only* listed in spam. 
>Furthermore, of the
>>> domains you list I had a hard time finding one that was 
>both active and
>>> SURBL-listed.
>
>> I hope Chris was showing us some other domains with similar
>> registration information.  That said, *registrar* information
>> isn't to useful except in the case of mostly blackhat registrars.
>
>I should add, this kind of data is only useful in proving a
>blackhat registrar if we also know how many other domains
>they have registered.
>
>If a registrar has 100 spam domains but 100,000 legitimate
>ones they're probably not a blackhat registrar.  If another
>registrar has 100 spam domains but 20 legitimate ones, they're
>likely a blackhat.  Domains belonging to the second registrar
>could be "scored" as more likely spammy by some yet to be
>written (or revealed) software.  However that only works if
>you can see the other 100,000 and the 20, which normally you
>can't. 
>
>In other words not enough information may be visible to
>draw reliable conclusions about the badness of a given
>registrar.  On the other hand some general information
>about the number of domains some large registrar holds is
>available at registration statistics sites like:
>
>  http://www.whois.sc/internet-statistics/registrar-stats-2003.html
>

Jeff and Joe,
	This is exactly why I posted this info! For info purposes. I don't
know a german web hoster from a hole in the wall! (Thats a crazy american
saying for I don't know jack about them!) But I do have access to similar
registrar info. And quite a lot more then what I posted. 

It is my hope that one day I can make it privately availible to SURBL guys.
But right now I can't.  Look at Jeff's comment:

"
> Domain List matching cluster of russ-effrig

>     * 1: 007inkjets.com
>     * 2: 00inkjets.com
>     * 3: 111inkjets.com
>     * 4: 123cartridges.com
>     * 5: 123inkjets.com
[...]

>That's interesting, but I think it misses the point:"

NO it doesn't! The point was..... its interesting!! :)  123inkjets has been
linked to a ton of other spam domains. The fact that they have customers
makes it legit???? SO anyone who falls for these spams and buys something,
makes it legit? Think about that. Where do you draw the line?

All spams will have some suckers. All spams will therefore have customers.
All spams will have SOMEONE report it is legit. This shall forever now be
known as the Santerre Theory of Spam Legitamicy. :)

I fully intend to be the Ying to Jeff's Yang. *giggle* 

SO we gather a few things from the info I posted, and added to by what you
guys know. 1and1 is ok to whitelist. But 123inkjets is a more difficult
domain. For me I say leave them listed. 

Sometimes legit companies spam. If they feel little pain, they will do it
again. 

I hate FPs as much as Jeff. 

--Chris



More information about the Discuss mailing list