[SURBL-Discuss] Additional phish/fraud list

Jeff Chan jeffc at surbl.org
Sun Sep 19 03:29:59 CEST 2004


On Friday, September 17, 2004, 2:47:57 PM, Bill Landry wrote:
> This is a list that MailPolice hosts and I have been running it for a few
> hours and it has already flagged some phish and fraud e-mails.  Here is some
> info about the list:  http://rhs.mailpolice.com/#rhsfraud

> This is my configuration for SA 2.64 with the SpamCopURI plug-in:

> uri       MP_URI_RBL
> eval:check_spamcop_uri_rbl('fraud.rhs.mailpolice.com','127.0.0.2')
> describe  MP_URI_RBL     URI's domain appears in MailPolice fraud list
> tflags    MP_URI_RBL     net
> score     MP_URI_RBL     2.0

> And for SA 3.0 with the URIDNSBL plug-in:

> urirhsbl URIBL_MP fraud.rhs.mailpolice.com.   A
> header   URIBL_MP eval:check_uridnsbl('URIBL_MP')
> describe URIBL_MP URI's domain appears in MailPolice fraud list
> tflags   URIBL_MP net
> score    URIBL_MP 2.0

> Bill

Let's ask more people to test the mailpolice fraud list in their
SURBL installations as Bill, David and others are doing.

If the results of additional testing are good we may merge this
data into our phishing list, PH in multi.

In particular we'd like to know if anyone gets any false
positives.   We're not expecting any FPs, but it's good to
do some testing before we include this data officially.


As noted earlier, unlike SURBLs the mailpolice lists take
the entire URI including subdomains, host names, etc.,
but since the SURBL client code tries to reduce URIs to
base domains before checking them against the list, these
should not causes matches resulting in FPs.

So please give it a try, and share what you find.

Thanks,

Jeff C.



More information about the Discuss mailing list