[SURBL-Discuss] Re: Adding SpamBouncer phishing data to ph.surbl.org

Jeff Chan jeffc at surbl.org
Sun Jul 31 11:44:13 CEST 2005


On Saturday, July 30, 2005, 11:47:40 PM, Greg Allen wrote:
> It seems like this would be a hard thing to do by IPs. If you were to use
> Clamav and the Spamassassin hook (see wiki for it), you may get better near
> real-time phishing protection. That is what I do here any way. I give Clamav
> a 100 score. That's my 2 cents anyway.

Not exactly sure what you mean by "by IPs".  SURBLs list whatever
appears in spam message body URI (host portions).  For most spams
those are domain names, but for many phishes, they're IP
addresses (i.e. http://1.2.3.4/).  If they have IPs in them, we
list the IPs.  If they have domain names, we list the domain names.

ClamAV is designed to protect against viruses.  While their
anti-phishing function works well, phishes and spam are not
viruses.  They probably felt the need to do something because
the phishing threat is pretty serious, or can be if people
get tricked by them, but we've had a SURBL phishing list for
about a year:

  http://www.surbl.org/lists.html#ph

SURBLs are designed to check message body URIs, which is
what spammers and phishers are usually trying to direct victims
with, therefore our tool is a much better fit for the problem
than a virus tool, IMO.

Jeff C.
-- 
Jeff Chan
mailto:jeffc at surbl.org
http://www.surbl.org/



More information about the Discuss mailing list