[SURBL-Discuss] Was: List of spamvertised sites sent via zombies, open proxies, etc.?

Patrik Nilsson patrik at patrik.com
Sun Mar 13 18:22:05 CET 2005

At 05:29 2005-03-13 -0800, Jeff Chan wrote:
>Hmm, perhaps if we could extract *all* URI domains from messages
>sent through XBLed senders then prioritize those say by frequency
>of appearance, we could create a new SURBL list of spamvertised
>domains sent through exploited hosts.  That would pretty directly
>address the use of zombies, etc. and put a penalty on using them
>to advertise sites through them.  Even with volume weighting such
>a list of sites could be attacked by major joe job unless we took
>additional countermeasures, but does anyone else think this might
>be a useful type of data source for SURBLs?

Might be interesting to contact the CBL people that provide most of the XBL 
data and see if they would be interested in setting something up that would 
parse out the URL domains directly in the scripts already running on the 
CBL spamtraps.

There would still be a need for further processing to eliminate FPs of 
course, but a feed at the source level would mean a substantial reduction 
in the time to listing as well as a larger data set.
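
A sketch of the processing discussed in this thread, as an added example that is not part of the original messages or of any SURBL or CBL code: it extracts URI domains from mail received from XBL-listed senders and ranks them by frequency. The sample messages, the in-memory `XBL_LISTED` set standing in for real XBL lookups, the whitelist, and the choice to count distinct senders with a `min_senders` threshold (one possible guard against a joe job from a single host) are all assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URI_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample data (documentation IP ranges, .example domains).
XBL_LISTED = {"192.0.2.10", "192.0.2.11", "198.51.100.7"}  # stand-in for XBL lookups
WHITELIST = {"w3.example"}  # known-legitimate domains that also appear in spam
MESSAGES = [  # (connecting IP, message body) as a spamtrap might record them
    ("192.0.2.10", "Cheap meds http://www.pills.example/buy see http://www.w3.example/TR"),
    ("192.0.2.11", "Meds at HTTP://pills.example/x?id=1"),
    ("198.51.100.7", "Refinance http://loans.example/ now, also http://pills.example/"),
    ("203.0.113.5", "Newsletter http://shop.example/ weekly"),  # sender not listed
    ("192.0.2.11", "Refinance http://loans.example/apply"),
    ("192.0.2.10", "http://victim.example/ is great"),  # one sender only
]

def extract_domains(body):
    """Return the set of URI domains found in one message body."""
    domains = set()
    for uri in URI_RE.findall(body):
        try:
            host = urlsplit(uri).hostname
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            continue
        if not host or re.fullmatch(r"[\d.]+", host):
            continue  # skip empty hosts and bare IPv4 addresses
        # Simplification: keep the last two labels; real use needs a public-suffix list.
        domains.add(".".join(host.rstrip(".").split(".")[-2:]))
    return domains

def rank_domains(messages, xbl=XBL_LISTED, whitelist=WHITELIST, min_senders=2):
    """Rank domains by distinct XBL-listed senders, then by message count."""
    senders, hits = defaultdict(set), defaultdict(int)
    for ip, body in messages:
        if ip not in xbl:
            continue  # only mail from exploited hosts feeds the list
        for domain in extract_domains(body) - whitelist:
            senders[domain].add(ip)
            hits[domain] += 1
    ranked = [(d, len(s), hits[d]) for d, s in senders.items() if len(s) >= min_senders]
    return sorted(ranked, key=lambda r: (-r[1], -r[2], r[0]))

if __name__ == "__main__":
    for domain, n_senders, n_msgs in rank_domains(MESSAGES):
        print(f"{domain}\t{n_senders} senders\t{n_msgs} messages")
```
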


