[SURBL-Discuss] Research

Jeff Chan jeffc at surbl.org
Mon Nov 19 16:04:17 CET 2007

Quoting "Phil (Medway Hosting)" <phil at medwayhosting.com>:

> Question for admins
> Is it ok if I run a list of 45k IP's I am researching, against SURBL list
> please ? I didn't want to do it without permission in case you suddenly
> thought I have become a MUCH larger company !!
> Many thanks
> Phil

Anything up to 100k to 250k per day is ok to query against the public
nameservers.  However it's probably more efficient to rsync the zone files and
compare the data locally.

Some notes:

1.  There aren't many IP addresses on the SURBL blacklists.
2.  Most of them are cracked phishing sites or botnet web hosts.
3.  The detection of botnet web host IPs may be Zipfian: a few IPs are seen very
frequently and many IPs are seen infrequently, perhaps even as infrequently as
just once.  If so, then blacklisting them (at least the infrequently seen ones)
may not be too useful.


Jeff C.

More information about the Discuss mailing list