[SURBL-Discuss] Spam in progress bit ...

Eric Montréal erv at mailpeers.net
Thu Aug 10 00:20:58 CEST 2006

Michele Neylon :: Blacknight Solutions a écrit :
> Peter Bowyer wrote:
>> On 09/08/06, Eric Montréal <erv at mailpeers.net> wrote:
>>> also, since most legitimate mailing lists are to recipients in close
>>> geographic proximity,
> Legitimate mailing lists would include this one, the SA users list and
> numerous industry lists covering every possible topic from linguistics to
> engineering and marketing. 
> I get mail from Microsoft that they send to all their partners worldwide.
> Maybe "geographic proximity" is relative to the size of the universe?
Looks like something else is the size of the universe ...

Major lists whose distribution is to as many different servers as a spam 
run have little chance to
be sent from a domain listed in surbl.

When was the last time Microsoft got listed in surbl ?

Smaller lists might end up being sent from a false positive domain and 
the idea is that surbl test pattern
(queries/minutes, burst/continuous, historical comparisons, geolocation 
and perhaps other metrics) should
allow to differentiate between such a list and a spam run.

An antispam service such as surbl does have a far more complete picture 
on a global scale than anyone
operating some mail servers. The access pattern such a service will see 
is mirroring major spam runs,
and this could be exploited. That was the basic idea.

More information about the Discuss mailing list