[SURBL-Discuss] use of surbl to check non-body content?

Steven Champeon schampeo at hesketh.com
Tue Oct 11 19:42:28 CEST 2005


I've noticed that SURBL (and URIBL, who I will contact later) lists
several domains that have appeared in spam header contents as well as in
body contents. I'd like to use SURBL (probably multi) as an optional
domains BL check against headers known to contain domains, such as
the Message-ID, From, and Reply-To headers, a la

Message-Id: <200510020442.j924gBkv021479 at expoactive.net>
From: ExpoActive <advertising at expoactive.net>
Reply-To: advertising at expoactive.net

From: "Steven McGuire" <stevenmcguire at aaaaa2.com>    
List-Unsubscribe: <mailto:leave-2005_1-6m_optin-10289508G at aaaaa2.com>
Message-Id:  
<LYRIS-10289508-169-2005.10.03-20.50.13--{vic#tim}@aaaaa2.com>

From: "iMarketing Sales Leads" <julieandrews at imailzone.info>

Reply-To: "OAG" <club at reachmail.net>

From: TuneUp Software Newsletter <newsletter at tune-up.com>
Reply-To: newsletter4v2-reply at newsletter.tune-up.com

From: "Solutions" <info at disklesspc.com>
Reply-To: info at disklesspc.com

From: "Millionaires Concierge" <info at millionaires-concierges1.com>
Reply-To: info at millionaires-concierges1.com

Message-Id: <200510020442.j924gBkv021479 at expoactive.net>
From: ExpoActive <advertising at expoactive.net>
Reply-To: advertising at expoactive.net

As I've only received 23 spams not otherwise classifiable as worth
blocking using other means (e.g., 419 scams which can be blocked by
injection IP) this /month/, having successfully blocked all the rest,
I'd really like to take advantage of the realtime nature of SURBLs.

I could see immediate results in the form of blocking literally 1/3 of
the remaining spam I allow in here.

Comments? This would be an optional configuration for my enemieslist
package, which I intend to have more widespread distribution eventually
but which would not represent a crushing query load at present.

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/


More information about the Discuss mailing list