[SURBL-Discuss] RE: Start an IP list to block?

Chris Santerre csanterre at merchantsoverseas.com
Thu Sep 9 23:33:20 CEST 2004

>-----Original Message-----
>From: Jeff Chan [mailto:jeffc at surbl.org]
>Sent: Thursday, September 09, 2004 5:26 PM
>To: Chris Santerre
>Cc: SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail)
>Subject: Re: Start an IP list to block?
>On Thursday, September 9, 2004, 1:56:33 PM, Chris Santerre wrote:
>> OK, this isn't the first time we've had this discussion, but 
>Raymond and I
>> felt this should be made public again. He ran thru some 
>tests of 1500+
>> domains and found the following data. Looks like they maybe send from
>> zombies, and never their hosts. IPs are similar across the board. 
>> So is there a way to use the IP info in a good way? Could SA 
>or SURBL do a
>> quick ping of the URL and match against a URL? This would 
>allow us to simply
>> list 1 IP instead of all these domains.
>> (I'm well aware of virtual hosts! So only the filthiest of 
>spammers would be
>> put on this IP list. Then their IP better boot them or 
>anyone hosted on that
>> box would feel the rath of SURBL.)
>Yes, we've already discussed reasons why we're using only the
>data actually found in spam URIs.  The potential for collateral
>damage in looking at resolved IPs is too high.
>It would be very easy for a large hosting provider to have 1
>bad guy sharing a web server with 100 or 1000 non-spammers.
>Given that we can't see those other 100 or 1000, it would be
>very easy for us to add that 1 IP address and block the
>other 100 or 1000 *without even knowing it*.
>It is a question about the limits of knowledge.  In our
>universe we can't see the potential collateral damage from
>listing a shared host, so we should not do it.  From our
>point of view it's not knowable.  Sure the hosting company
>knows whether that's the case, but we can't.
>I'd encourage people with questions like this to read up or
>take some classes on epistemology or the theory of knowledge.
>Or just contemplate the possibilities harder...  ;-)

LOL, I love our conversations ;)

Well when I said filthy, I meant down right Christina Aguleira raunchy
spammers! The drippiest of rotten stinking spammers. Basically those hosted
by spam friendly hosts. This is a step I was sure you would not want to do,
but I can think of a ton on the SPAM-L list who would jump at the chance.
Makes ISPs become more responsible. 

However this is just theory discussion anyway...or is it :p


More information about the Discuss mailing list