[SURBL-Discuss] RFC: Adding malwaredomains.com data to phishing list?

Jeff Chan jeffc at surbl.org
Mon Nov 26 16:14:08 CET 2007


Quoting Joseph Brennan <brennan at columbia.edu>:

>
>
> --On Sunday, November 25, 2007 18:51 -0800 Jeff Chan <jeffc at surbl.org>
> wrote:
>
> > Does anyone have any comments on adding the malware domains at:
> >
> >   http://www.malwaredomains.com/
> >
> > to the SURBL phising list, with significant filtering to exclude
> > possible false positives?  The actual list would be the third field
> > of:
> >
> >   http://www.malwaredomains.com/files/domains.txt
> >
> > The data includes malware and phishing sites.
>
>
> The first field seems to be the URI we would see in mail.  Isn't that
> what we would want to search?
>
> Otherwise I don't understand why the third field repeatedly lists
> F-Secure's pages about virus threats at http://www.f-secure.com/weblog/.
> We would not want to interfere with mail referring to F-Secure.
>
> Another third field, www.webhelper4u.com/cws/cwsbyalphanumeric.html,
> listed many many times, is a 404.

Thanks.  There are some leading tabs, and the fields are tab-separated, so the
third tabbed field is the first visible one (on uncommented records).

Cheers,

Jeff C.


More information about the Discuss mailing list