[SURBL-Discuss] RE: Start an IP list to block?

Matthew Wilson matthew at boomer.com
Thu Sep 9 23:41:22 CEST 2004 

If it helps, I agree with Chris.  One point to note: Virtual hosters
can't use IP addresses in their URLs, because the web server needs a
http host header to differentiate between all the possible virtual
hosted sites.  However, it really wouldn't be difficult to have the
SURBL URI detection algorithm find dotted quad URLs, and store these in
the SURBL database just like any other domain name... 

-Matthew

-----Original Message-----
From: discuss-bounces at lists.surbl.org
[mailto:discuss-bounces at lists.surbl.org] On Behalf Of Chris Santerre
Sent: Thursday, September 09, 2004 4:19 PM
To: 'Raymond Dijkxhoorn'; Alex Broens
Cc: SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail);
users-return-15498-sa-list=alexb.ch at spamassassin.apache.org
Subject: [SURBL-Discuss] RE: Start an IP list to block?



>-----Original Message-----
>From: Raymond Dijkxhoorn [mailto:raymond at prolocation.net]
>Sent: Thursday, September 09, 2004 5:10 PM
>To: Alex Broens
>Cc: users-return-15498-sa-list=alexb.ch at spamassassin.apache.org; SURBL 
>Discussion list (E-mail); Spamassassin-Talk (E-mail)
>Subject: Re: Start an IP list to block?
>
>
>Hi!
>
>> Chris, Raymond ,
>>
>> I went thru a random few of these and they're were listed at
>Spamhaus.
>> Using spamhaus at SMTP level or SA doing RBL lookups would
>have caught and
>> stopped them... Spamcop probably has quite a few of them
>listed as well
>
>No, that wont work. The spams are sended in via trojans/proxys only the

>websites are static. SOME are blocked with DSBL and so but most of the 
>time they start a spamrun with a fresh set it seems.
>
>So yes, they are inside spamhaus, but only the websites, didnt see 
>mails sended out from there (yet).
>

Agreed. They may be listed, but for mail, not hosting. They use other
IPs to send, and keep the host on their IPs. SOme of the bigger spammers
are saying "Screw SURBL, I've got enough dough to get a new domain for
every run, and it still remains profitible."

To which we have 2 replies:
1) Those registers are going to feel some rath soon from the antispam
community.
2) We gonna mark the IP, you silly little monkeys!

I think the code should be added into the SURBL code. It would need to
be a patch for SA 3.0 as it is prbly too late for it to go in now. But
it should be simple to grab the IP of the 20 random URL domains and
match against SURBL as well. Then they can purchase as many domains as
they like, won't matter a bit.

--Chris
_______________________________________________
Discuss mailing list
Discuss at lists.surbl.org
http://lists.surbl.org/mailman/listinfo/discuss

More information about the Discuss mailing list