[SURBL-Discuss] use of surbl to check non-body content?

Jeff Chan jeffc at surbl.org
Wed Oct 12 07:49:35 CEST 2005


On Tuesday, October 11, 2005, 10:33:55 PM, Rob McEwen wrote:
> Jeff asked:

>>What kinds of percentage of spam message header domains are
>>showing up on SURBLs?  I would imagine the hit rates might not be
>>too high, so there may be a processing cost/benefit issue.
> ...and...
>>I'm puzzled why there would be FPs.  Are hammers forging spam domains in
>>their headers?  That would seem bizarre if so.

[...]
> But, let me mention that the overall FP rate is still very, very low. It was
> like 1/200 FPs, or less. (but I'm guessing)

> Most often, if a FP occurred, it was because an IP address used in a
> spammer's URL would, for whatever reason, also appear in the headers of
> legit messages.

Huh?  SURBLs are mostly domains.  Were you resolving SURBL domains
then checking resolved IPs against header IPs?  That would be, ahem,
unusual.

Jeff C.
--
Don't harm innocent bystanders.



More information about the Discuss mailing list