[SURBL-Discuss] Large ham corpus hits against SURBLs

Jeff Chan jeffc at surbl.org
Fri Sep 10 14:19:32 CEST 2004


On Friday, September 10, 2004, 5:05:17 AM, Joe Wein wrote:
>> At the 85th percentile there were a few more:
>>
>>   automotivedigest.com
>>   chartshop.com
>>   ct002.com
>>   dakotaairparts.com
>>   hallogram.com
>>   infoaeroplan.ca
>>   investorsinsight.com
>>   processrequest.com
>>   sitepronews.com
>>   topachat.com
>>
>> These are arguably false positives.  What do we know about them.
>> Should we whitelist or not whitelist any?

> I checked for overlaps with my blacklists.

> ct002.com goes with 123greetings.com, which is *not* blacklisted on SURBL.

> I blacklisted ct002.com on September 3, 2004 when I found it in a
> spammy-looking mail from Raymond's spamfeed. It was less than a year old and
> here's what SA thought about the triggering message:

> spam, SpamAssassin (score=15.844,
>  required 5, BAYES_99 5.40, CLICK_BELOW 0.10,
>  HTML_FONT_INVISIBLE 0.60, HTML_MESSAGE 0.10, MIME_HTML_ONLY 0.32,
>  MSGID_FROM_MTA_HEADER 0.70, OUTBLAZE_URI_RBL 3.50,
>  RATWARE_HASH_2_V2 1.62, WS_URI_RBL 3.50)

> So obviously my listing wasn't the first one on SURBL. I can't rule out that
> the mail was solicited though.

> Joe

Thanks for the checking and the feedback Joe!  :-)

Does anyone have any info on the others?

Jeff C.



More information about the Discuss mailing list