[SURBL-Discuss] use of surbl to check non-body content?
Steven Champeon
schampeo at hesketh.com
Wed Oct 12 14:43:15 CEST 2005
on Tue, Oct 11, 2005 at 10:01:29PM -0700, Jeff Chan wrote:
> > I do know that spammer domains - listed in SURBL and
> > URIBL already - do tend to be found in headers likely to direct replies
> > back to the spammer, and which may contain tracking devices also useful
> > to the spammer (when inserted by compliant clients as References: or
> > In-Reply-To: in the reply). I'm advocating rejecting these known spammy
> > messages, which would otherwise be caught/tagged by SURBLs after
> > delivery (and delivered or quarantined, after which it's in the hands of
> > users to know whether or not to reply to ask to be removed), during
> > the SMTP conversation, not after.
>
> Sounds reasonable, even if it's not the original purpose of
> SURBLs.
>
> What kinds of percentage of spam message header domains are
> showing up on SURBLs? I would imagine the hit rates might not be
> too high, so there may be a processing cost/benefit issue.
Well, I don't allow much spam into my network - I reject it all as best
I can. For reliable numbers, you'd need to ask someone with a large spam
corpus. But of the 25 spams I let in so far this month (which doesn't
count 419 scams, most of which came in via hotmail) 8 of them would have
been blockable using uribl/surbl lookups. I figure 32% is a good enough
number to at least try the approach.
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
antispam news, solutions for sendmail, exim, postfix: http://enemieslist.com/
More information about the Discuss
mailing list