On Thursday 08 July 2004 01:44 pm, Matt Kettler wrote:
> At 01:18 PM 7/8/2004, Kelson Vibber wrote:
> >To my surprise, the confidence level actually *increased* between the
> > first check and the second!
>
> And you're the only person in the world who reports/revokes to razor?
Sometimes it seems like it ;-)
> My guess is that while you were issuing a revoke, several others issued
> reports for the same token.
On one level, that makes sense, but on another it seemed really unlikely that
lots of people were simultaneously reporting just the one post to the
MIMEDefang list.
> In the case of e8 it's going to be a domain name such as a URL in the body.
> You can trim down the message bit by bit until the e8 hash disappears. Then
> you'll have found which part made that e8 hash.
Ah, so e8 is similar to SURBL, but using the Razor protocols instead of DNS
lookups. (Is this right?)
As near as I can tell, the URL that triggered it seems to have been none other
than (drumroll please)...
http://groklaw.net
Riiiight.
So lots of people are reporting spam advertizing GrokLaw?!?
I suppose they could be getting joe-jobbed.
Does e8 filter out invisible links like <a href=URL></a>? I remember when
SURBL was first announced there was some concern over that, since some
spammers do try to poison URL lists by putting random links to third-party
sites in unclickable lints in their HTML.
--
Kelson Vibber
SpeedGate Communications, <www.speed.net>
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Razor-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/razor-users
