[SURBL-Discuss] Re: Was: List of spamvertised sites sent via zombies, open proxies, etc.?

Raymond Dijkxhoorn raymond at surbl.org
Sun Mar 13 14:36:55 CET 2005


Hi!

>> Perhaps some kind person could write a reporting function in
>> SpamAssassin for this?

> Hmm, perhaps if we could extract *all* URI domains from messages
> sent through XBLed senders then prioritize those say by frequency
> of appearance, we could create a new SURBL list of spamvertised
> domains sent through exploited hosts.  That would pretty directly
> address the use of zombies, etc. and put a penalty on using them
> to advertise sites through them.  Even with volume weighting such
> a list of sites could be attacked by major joe job unless we took
> additional countermeasures, but does anyone else think this might
> be a useful type of data source for SURBLs?

Jeff, please stop. ;)

If i polute domains to those spamtraps i get them inside a RBL? Then i 
wonder why we dont list the domain i am trying to get sorted out some 
time now.

Spamtraps are bad news if you use them 1:1, you need to parse out a LOT, 
did you run poluted spamtraps? I have been running two proxypots, i still 
might have some tars, and most of it was really useless. What more helps 
is a wider coverage. I rather see some automated system like spamcop 
setup, so people can report, and we auto parse it with Joe's tool for 
example. With a larger footprint we also get spam earlier. Its not like 
they first send to the spamtraps and then to 'real'users alone.

I understand you want to cover new area's but please dont rely on other 
RBL's too much, i think waiting with own checks does much more in the end. 
IF SBL picks it up we can pick it up faster. But we also want to pickup 
ones NOT listed by any RBL do we ?

Bye,
Raymond.


More information about the Discuss mailing list