[SURBL-Discuss] Additional phish/fraud list

Jeff Chan jeffc at surbl.org
Sat Sep 18 01:20:25 CEST 2004

Can you clarify, are your lists intended to be sender domain
lists or message body URI lists:


> What is rhs.mailpolice.com?
> MailPolice™ maintains a domain-based list of domains which
> have been (ab)used to send spam to our customers. There are
> currently several domain-based lists: one which lists bulk mail
> senders and unsolicited advertisers; pornographic e-mailers and
> websites; reverse DNS hostnames of dynamic Internet
> connections; websites and IPs hosting fraudulent or phishing
> content; legitimate e-mail marketers and opt-in advertisers;
> and domains used by webmail providers. 

> What is the point of a domain-based list? What's wrong with an ip-rbl?
> Judging e-mail based on the MAIL-FROM or hostname of the
> connecting mail server or websites advertised within an e-mail,
> is effective. Many unsolicited e-mailers regularly buy domains
> for the sole purpose of spam. No matter where the spam is sent
> from, it can be blocked based on the senders' domain name, or
> the domain name used in advertising URLs in the body of the
> e-mail. 
> Blocking based on IP address is effective only as long as the
> spammer continues to send from these IP addresses; it does not
> take into consideration that spammers can quickly move to
> another set of IP addresses, or use unlisted proxies. 
> Using a combination of domain-based and IP-based blacklists is
> an effective weapon against spam. 

It sounds from the description that your RHS lists are sender
domains as opposed to message body URI domains as we use
with SURBLs.

That said, I can see how Bill may have found some overlap with
message body URIs.

Jeff C.
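
The sender-domain versus message-body-URI distinction discussed above, as an added example that is not part of the original message or of either project's code. It derives the lookup keys each kind of list would be queried with for one constructed message; the `domain.zone` query form for rhs.mailpolice.com, the use of `multi.surbl.org` as the URI zone, and the two-label domain reduction are assumptions.

```python
import re
from urllib.parse import urlsplit

RHS_ZONE = "rhs.mailpolice.com"  # zone named in the quoted FAQ; query form assumed
URI_ZONE = "multi.surbl.org"     # assumption: SURBL combined zone

# Constructed sample message (not real traffic).
MAIL_FROM = "<bounce@mailer.example.net>"
BODY = """Your account is suspended. Verify at
http://www.login-verify.example.org/acct?id=1
or http://203.0.113.7/x and http://shop.example.com/
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def sender_domain(mail_from):
    """Right-hand side of the envelope sender; None for the null sender <>."""
    addr = mail_from.strip().strip("<>")
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    return domain or None

def registered_domain(host):
    # Simplification: keep the last two labels. A production client
    # needs a two-level-TLD table (e.g. for co.uk) instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def body_uri_domains(body):
    """Domains of URIs advertised in the body, independent of who sent it."""
    found = set()
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname
        # Numeric hosts need separate reversed-octet handling; skipped here.
        if host and not re.fullmatch(r"[\d.]+", host):
            found.add(registered_domain(host))
    return sorted(found)

def query_names(mail_from, body):
    """DNS names each list type would be asked about for this message."""
    sender = sender_domain(mail_from)
    return {
        "sender": [f"{sender}.{RHS_ZONE}"] if sender else [],
        "body_uri": [f"{d}.{URI_ZONE}" for d in body_uri_domains(body)],
    }

if __name__ == "__main__":
    for kind, names in query_names(MAIL_FROM, BODY).items():
        print(kind, names)
```
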

