[SURBL-Discuss] use of surbl to check non-body content?

Jeff Chan jeffc at surbl.org
Wed Oct 12 01:55:30 CEST 2005


On Tuesday, October 11, 2005, 10:42:28 AM, Steven Champeon wrote:

> I've noticed that SURBL (and URIBL, who I will contact later) lists
> several domains that have appeared in spam header contents as well as in
> body contents. I'd like to use SURBL (probably multi) as an optional
> domains BL check against headers known to contain domains, such as
> the Message-ID, From, and Reply-To headers, a la

> Message-Id: <200510020442.j924gBkv021479 at expoactive.net>
> From: ExpoActive <advertising at expoactive.net>
> Reply-To: advertising at expoactive.net

Are these spams being sent from zombies?  If not, then we
possibly should not be listing them.  If they're sending from
their own mailservers then it's vastly more efficient to just
block their IPs at a low level, i.e., regular (local or global)
RBL. 

Regarding using SURBLs on headers, I guess I'd view that as
mission creep and somewhat away from our original focus of URI
domains.

Do any spam gangs put the URI domain on their headers when they
use zombies?  Seems to me they tend to forge everything except
the URI.

Jeff C.
--
Don't harm innocent bystanders.



More information about the Discuss mailing list