[SURBL-Discuss] Spam in progress bit ...
Eric Montréal
erv at mailpeers.net
Thu Aug 10 00:20:58 CEST 2006
Michele Neylon :: Blacknight Solutions a écrit :
> Peter Bowyer wrote:
>
>> On 09/08/06, Eric Montréal <erv at mailpeers.net> wrote:
>>
>>
>>> also, since most legitimate mailing lists are to recipients in close
>>> geographic proximity,
>>>
>
> Legitimate mailing lists would include this one, the SA users list and
> numerous industry lists covering every possible topic from linguistics to
> engineering and marketing.
>
> I get mail from Microsoft that they send to all their partners worldwide.
>
> Maybe "geographic proximity" is relative to the size of the universe?
>
>
Looks like something else is the size of the universe ...
Major lists whose distribution is to as many different servers as a spam
run have little chance to
be sent from a domain listed in surbl.
When was the last time Microsoft got listed in surbl ?
Smaller lists might end up being sent from a false positive domain and
the idea is that surbl test pattern
(queries/minutes, burst/continuous, historical comparisons, geolocation
and perhaps other metrics) should
allow to differentiate between such a list and a spam run.
An antispam service such as surbl does have a far more complete picture
on a global scale than anyone
operating some mail servers. The access pattern such a service will see
is mirroring major spam runs,
and this could be exploited. That was the basic idea.
More information about the Discuss
mailing list