[SURBL-Discuss] Was: List of spamvertised sites sent via zombies, open proxies, etc.?

Jeff Chan jeffc at surbl.org
Sun Mar 13 18:39:41 CET 2005


On Sunday, March 13, 2005, 9:22:05 AM, Patrik Nilsson wrote:
> At 05:29 2005-03-13 -0800, Jeff Chan wrote:
>>Hmm, perhaps if we could extract *all* URI domains from messages
>>sent through XBLed senders then prioritize those say by frequency
>>of appearance, we could create a new SURBL list of spamvertised
>>domains sent through exploited hosts.  That would pretty directly
>>address the use of zombies, etc. and put a penalty on using them
>>to advertise sites through them.  Even with volume weighting such
>>a list of sites could be attacked by major joe job unless we took
>>additional countermeasures, but does anyone else think this might
>>be a useful type of data source for SURBLs?

> Might be interesting to contact the CBL people that provide most of the XBL 
> data and see if they would be interested in setting something up that would 
> parse out the url domains directly in the scripts already running on the 
> CBL spamtraps.

> There would still be a need for further processing to eliminate FPs of 
> course, but a feed at the source level would mean a substantial reduction 
> in the time to listing as well as a larger data set.

> Patrik

Excellent suggestion!  Does anyone have contacts at CBL?

Jeff C.
--
"If it appears in hams, then don't list it."



More information about the Discuss mailing list