[SURBL-Discuss] Re: Was: List of spamvertised sites sent via zombies, open proxies, etc.?

Jeff Chan jeffc at surbl.org
Sun Mar 13 18:09:40 CET 2005


It would probably help if I explained that I brought up two
different but related ides in quick succession:

1.  Asking for URI domains of messages sent through zombies, open
relays, open proxies, etc. detected by XBL that mentioned SURBL URIs.

2.  Asking for URI domains of messages sent through zombies, open
relays, open proxies, etc. detected by XBL regardless of whether
those domains were already listed in SURBLs or not.

The latter may actually be more useful since it's broader and
more inclusive.  We could easily intersect them against SURBLs
ourselves if it were useful for other applications.

I believe this could be a valuable new data source.  It's true
that Spamhaus and others probably already have this data
internally but we don't.  ;-)  It's also possibly true that
existing trap based lists like ob.surbl.org and jp.surbl.org
may already have similar data in them.  As Paul notes there
is probably a lot of overlap between the various datasets
being used or proposed.

I'd probably ask for messages sent through XBL and list.dsbl.org
listed hosts since both lists are pretty reliable.  Completeness
of compromised host detection is probably non-essential for this
application.  The resulting dataset would be so large that missing
some fraction of zombies probably would not affect the end result
very much.  The sites of the biggest spammers would tend to
bubble to the top of a volume-ranked list.

Jeff C.
--
"If it appears in hams, then don't list it."



More information about the Discuss mailing list