[SURBL-Discuss] RE: Start an IP list to block?

Justin Mason jm at jmason.org
Fri Sep 10 00:42:42 CEST 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Matthew Wilson writes:
> If it helps, I agree with Chris.  One point to note: Virtual hosters
> can't use IP addresses in their URLs, because the web server needs a
> http host header to differentiate between all the possible virtual
> hosted sites.  However, it really wouldn't be difficult to have the
> SURBL URI detection algorithm find dotted quad URLs, and store these in
> the SURBL database just like any other domain name... 

now *that* is a good point ;)

- --j.

> -Matthew
> 
> -----Original Message-----
> From: discuss-bounces at lists.surbl.org
> [mailto:discuss-bounces at lists.surbl.org] On Behalf Of Chris Santerre
> Sent: Thursday, September 09, 2004 4:19 PM
> To: 'Raymond Dijkxhoorn'; Alex Broens
> Cc: SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail);
> users-return-15498-sa-list=alexb.ch at spamassassin.apache.org
> Subject: [SURBL-Discuss] RE: Start an IP list to block?
> 
> >-----Original Message-----
> >From: Raymond Dijkxhoorn [mailto:raymond at prolocation.net]
> >Sent: Thursday, September 09, 2004 5:10 PM
> >To: Alex Broens
> >Cc: users-return-15498-sa-list=alexb.ch at spamassassin.apache.org; SURBL 
> >Discussion list (E-mail); Spamassassin-Talk (E-mail)
> >Subject: Re: Start an IP list to block?
> >
> >
> >Hi!
> >
> >> Chris, Raymond ,
> >>
> >> I went thru a random few of these and they're were listed at
> >Spamhaus.
> >> Using spamhaus at SMTP level or SA doing RBL lookups would
> >have caught and
> >> stopped them... Spamcop probably has quite a few of them
> >listed as well
> >
> >No, that wont work. The spams are sended in via trojans/proxys only the
> 
> >websites are static. SOME are blocked with DSBL and so but most of the 
> >time they start a spamrun with a fresh set it seems.
> >
> >So yes, they are inside spamhaus, but only the websites, didnt see 
> >mails sended out from there (yet).
> >
> 
> Agreed. They may be listed, but for mail, not hosting. They use other
> IPs to send, and keep the host on their IPs. SOme of the bigger spammers
> are saying "Screw SURBL, I've got enough dough to get a new domain for
> every run, and it still remains profitible."
> 
> To which we have 2 replies:
> 1) Those registers are going to feel some rath soon from the antispam
> community.
> 2) We gonna mark the IP, you silly little monkeys!
> 
> I think the code should be added into the SURBL code. It would need to
> be a patch for SA 3.0 as it is prbly too late for it to go in now. But
> it should be simple to grab the IP of the 20 random URL domains and
> match against SURBL as well. Then they can purchase as many domains as
> they like, won't matter a bit.
> 
> --Chris
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
> 
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBQNxiQTcbUG5Y7woRAgfJAKC06vruRCBiTm5tjbPVX8cYPzbufwCg7SeH
bwfMzGet7a11fwIuFW+LLKs=
=eHaE
-----END PGP SIGNATURE-----

More information about the Discuss mailing list