[SURBL-Discuss] use of surbl to check non-body content?

Jeff Chan jeffc at surbl.org
Wed Oct 12 07:49:35 CEST 2005

On Tuesday, October 11, 2005, 10:33:55 PM, Rob McEwen wrote:
> Jeff asked:

>>What kinds of percentage of spam message header domains are
>>showing up on SURBLs?  I would imagine the hit rates might not be
>>too high, so there may be a processing cost/benefit issue.
> ...and...
>>I'm puzzled why there would be FPs.  Are hammers forging spam domains in
>>their headers?  That would seem bizarre if so.

> But, let me mention that the overall FP rate is still very, very low. It was
> like 1/200 FPs, or less. (but I'm guessing)

> Most often, if a FP occurred, it was because an IP address used in a
> spammer's URL would, for whatever reason, also appear in the headers of
> legit messages.

Huh?  SURBLs are mostly domains.  Were you resolving SURBL domains
then checking resolved IPs against header IPs?  That would be, ahem,

Jeff C.
Don't harm innocent bystanders.

More information about the Discuss mailing list