[SURBL-Discuss] Large ham corpus hits against SURBLs
Joe Wein
joewein at pobox.com
Fri Sep 10 14:05:17 CEST 2004
> At the 85th percentile there were a few more:
>
> automotivedigest.com
> chartshop.com
> ct002.com
> dakotaairparts.com
> hallogram.com
> infoaeroplan.ca
> investorsinsight.com
> processrequest.com
> sitepronews.com
> topachat.com
>
> These are arguably false positives. What do we know about them.
> Should we whitelist or not whitelist any?
I checked for overlaps with my blacklists.
ct002.com goes with 123greetings.com, which is *not* blacklisted on SURBL.
I blacklisted ct002.com on September 3, 2004 when I found it in a
spammy-looking mail from Raymond's spamfeed. It was less than a year old and
here's what SA thought about the triggering message:
spam, SpamAssassin (score=15.844,
required 5, BAYES_99 5.40, CLICK_BELOW 0.10,
HTML_FONT_INVISIBLE 0.60, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32,
MSGID_FROM_MTA_HEADER 0.70, OUTBLAZE_URI_RBL 3.50,
RATWARE_HASH_2_V2 1.62, WS_URI_RBL 3.50)
So obviously my listing wasn't the first one on SURBL. I can't rule out that
the mail was solicited though.
Joe
More information about the Discuss
mailing list