[SURBL-Discuss] Was: List of spamvertised sites sent via zombies, open proxies, etc.?

Jeff Chan jeffc at surbl.org
Sun Mar 13 14:29:04 CET 2005

On Sunday, March 13, 2005, 5:12:30 AM, Jeff Chan wrote:
> On Friday, March 11, 2005, 11:27:52 PM, Jeff Chan wrote:
>> Does anyone have or know about a list of spam-advertised URIs
>> where the spam they appeared in was sent through open relays,
>> zombies, open proxies, etc.  In other words does anyone know
>> of a list of spamvertised web sites or their domains that's
>> been cross referenced to exploited hosts?

>> We could use that information as a valuable tool for getting
>> more records into SURBLs.

> One fairly easy for anyone running a large SpamAssassin
> installation to help us get this data would be to simply grep
> for "XBL" and "SURBL" rules hitting the same message and report
> out the URI domains from those messages.

> Perhaps some kind person could write a reporting function in
> SpamAssassin for this?

Hmm, perhaps if we could extract *all* URI domains from messages
sent through XBLed senders then prioritize those say by frequency
of appearance, we could create a new SURBL list of spamvertised
domains sent through exploited hosts.  That would pretty directly
address the use of zombies, etc. and put a penalty on using them
to advertise sites through them.  Even with volume weighting such
a list of sites could be attacked by major joe job unless we took
additional countermeasures, but does anyone else think this might
be a useful type of data source for SURBLs?

Jeff C.
"If it appears in hams, then don't list it."

More information about the Discuss mailing list