[SURBL-Discuss] Re: sc2 issue (?)

Frank Ellermann nobody at xyzzy.claranet.de
Mon Nov 14 04:48:28 CET 2005


Jeff Chan wrote:

> Only one report came through SpamCop.

Ugh.  Maybe it's filtered on a "per account"
or on a "per reporting IP" base.

> The domain and IPs are not listed in any other RBLs.

One day later they certainly made it to some lists:
wunsch-pen??.com (---4-21-): .multi.surbl.org

Just for fun I also spamcopped the next 19 samples
manually, but at this time it already was on 4+2+1.

> we could say that our tests are not sensitive enough

If you only got one hit from SC the "bug" or "feature"
is on SC's side.  Your "known CIDR" accelerator can't
catch them all, they can simply hide in 217 or similar.

> I went ahead and manually blacklisted it anyway,
> assuming it's spam.

Sure like hell it is, maybe the same gang as the "OEM"
crap.  And that could be their first smart move, send
German spam to addresses in ccTLD de.  But probably
they just send it to any string with an "@".  <sigh />

                     Bye, Frank




More information about the Discuss mailing list