[SURBL-Discuss] RE: Start an IP list to block?

Chris Santerre csanterre at merchantsoverseas.com
Thu Sep 9 23:19:29 CEST 2004



>-----Original Message-----
>From: Raymond Dijkxhoorn [mailto:raymond at prolocation.net]
>Sent: Thursday, September 09, 2004 5:10 PM
>To: Alex Broens
>Cc: users-return-15498-sa-list=alexb.ch at spamassassin.apache.org; SURBL
>Discussion list (E-mail); Spamassassin-Talk (E-mail)
>Subject: Re: Start an IP list to block?
>
>
>Hi!
>
>> Chris, Raymond ,
>>
>> I went thru a random few of these and they're were listed at 
>Spamhaus.
>> Using spamhaus at SMTP level or SA doing RBL lookups would 
>have caught and 
>> stopped them... Spamcop probably has quite a few of them 
>listed as well
>
>No, that wont work. The spams are sended in via trojans/proxys 
>only the 
>websites are static. SOME are blocked with DSBL and so but most of the 
>time they start a spamrun with a fresh set it seems.
>
>So yes, they are inside spamhaus, but only the websites, didnt 
>see mails 
>sended out from there (yet).
>

Agreed. They may be listed, but for mail, not hosting. They use other IPs to
send, and keep the host on their IPs. SOme of the bigger spammers are saying
"Screw SURBL, I've got enough dough to get a new domain for every run, and
it still remains profitible."

To which we have 2 replies:
1) Those registers are going to feel some rath soon from the antispam
community.
2) We gonna mark the IP, you silly little monkeys!

I think the code should be added into the SURBL code. It would need to be a
patch for SA 3.0 as it is prbly too late for it to go in now. But it should
be simple to grab the IP of the 20 random URL domains and match against
SURBL as well. Then they can purchase as many domains as they like, won't
matter a bit.

--Chris


More information about the Discuss mailing list