[SURBL-Discuss] Additional phish/fraud list
Jeff Chan
jeffc at surbl.org
Sun Sep 19 03:29:59 CEST 2004
On Friday, September 17, 2004, 2:47:57 PM, Bill Landry wrote:
> This is a list that MailPolice hosts and I have been running it for a few
> hours and it has already flagged some phish and fraud e-mails. Here is some
> info about the list: http://rhs.mailpolice.com/#rhsfraud
> This is my configuration for SA 2.64 with the SpamCopURI plug-in:
> uri MP_URI_RBL
> eval:check_spamcop_uri_rbl('fraud.rhs.mailpolice.com','127.0.0.2')
> describe MP_URI_RBL URI's domain appears in MailPolice fraud list
> tflags MP_URI_RBL net
> score MP_URI_RBL 2.0
> And for SA 3.0 with the URIDNSBL plug-in:
> urirhsbl URIBL_MP fraud.rhs.mailpolice.com. A
> header URIBL_MP eval:check_uridnsbl('URIBL_MP')
> describe URIBL_MP URI's domain appears in MailPolice fraud list
> tflags URIBL_MP net
> score URIBL_MP 2.0
> Bill
Let's ask more people to test the mailpolice fraud list in their
SURBL installations as Bill, David and others are doing.
If the results of additional testing are good we may merge this
data into our phishing list, PH in multi.
In particular we'd like to know if anyone gets any false
positives. We're not expecting any FPs, but it's good to
do some testing before we include this data officially.
As noted earlier, unlike SURBLs the mailpolice lists take
the entire URI including subdomains, host names, etc.,
but since the SURBL client code tries to reduce URIs to
base domains before checking them against the list, these
should not causes matches resulting in FPs.
So please give it a try, and share what you find.
Thanks,
Jeff C.
More information about the Discuss
mailing list