[SURBL-Discuss] Spam in progress bit ...

Eric Montréal erv at mailpeers.net
Thu Aug 10 00:20:58 CEST 2006


Michele Neylon :: Blacknight Solutions wrote:
> Peter Bowyer wrote:
>> On 09/08/06, Eric Montréal <erv at mailpeers.net> wrote:
>>
>>> also, since most legitimate mailing lists are to recipients in close
>>> geographic proximity,
>
> Legitimate mailing lists would include this one, the SA users list and
> numerous industry lists covering every possible topic from linguistics to
> engineering and marketing. 
>
> I get mail from Microsoft that they send to all their partners worldwide.
>
> Maybe "geographic proximity" is relative to the size of the universe?
>
Looks like something else is the size of the universe ...

Major lists whose distribution is to as many different servers as a spam
run have little chance of being sent from a domain listed in SURBL.

When was the last time Microsoft got listed in SURBL?

Smaller lists might end up being sent from a false positive domain, and
the idea is that the SURBL test pattern (queries/minute,
burst/continuous, historical comparisons, geolocation and perhaps other
metrics) should make it possible to differentiate between such a list
and a spam run.

An antispam service such as SURBL does have a far more complete picture
on a global scale than anyone operating some mail servers. The access
pattern such a service will see is mirroring major spam runs, and this
could be exploited. That was the basic idea.
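
The metrics named in the message above (queries per minute, burst versus continuous, historical comparison, geolocation) can be sketched as a per-domain query profile. This is an added example, not part of the original post and not SURBL code; the function names, thresholds, log layout and sample data are all assumptions constructed for illustration.

```python
from collections import Counter
from statistics import median

def profile(queries, window=60):
    """Summarise (unix_ts, resolver_country) lookups seen for ONE domain."""
    per_window = Counter(ts // window for ts, _ in queries)
    first, last = min(per_window), max(per_window)
    # Include empty windows so quiet periods count toward the median.
    series = [per_window.get(w, 0) for w in range(first, last + 1)]
    peak = max(series)
    return {
        "peak_qpm": peak,                               # queries/minute
        "burst_ratio": peak / max(median(series), 1),   # burst vs. continuous
        "countries": len({cc for _, cc in queries}),    # geolocation spread
    }

def classify(stats, baseline_peak_qpm, hist_x=10, burst_x=5, min_countries=5):
    """Hypothetical rule; the three thresholds are untuned assumptions."""
    above_history = stats["peak_qpm"] >= hist_x * max(baseline_peak_qpm, 1)
    bursty = stats["burst_ratio"] >= burst_x
    widespread = stats["countries"] >= min_countries
    if above_history and bursty and widespread:
        return "spam-run-like"
    return "list-like"

# Constructed sample data (not real query logs).
BASE = 1_155_160_800  # minute-aligned Unix time
CC = ["US", "BR", "CN", "DE", "FR", "IN", "KR", "RU"]
# A small list: 3 lookups a minute for 30 minutes, resolvers in 2 countries.
small_list = [(BASE + m * 60 + i * 10, ("IE", "GB")[i % 2])
              for m in range(30) for i in range(3)]
# A run: 20 quiet minutes, then 200 lookups a minute from 8 countries.
spam_run = [(BASE + m * 60, "US") for m in range(20)] + [
    (BASE + m * 60 + i % 60, CC[i % 8])
    for m in range(20, 23) for i in range(200)]

if __name__ == "__main__":
    for name, log, baseline in (("small_list", small_list, 4),
                                ("spam_run", spam_run, 2)):
        stats = profile(log)
        print(name, stats, classify(stats, baseline))
```

The historical baseline is passed in per domain, so a domain that is always queried heavily does not trip the rule on volume alone.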