-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jeff Chan writes: > On Friday, April 2, 2004, 3:27:13 PM, Justin Mason wrote: > > Jeff Chan writes: > >> Does anyone have any data about the persistence of spam URI > >> domains? I'll even settle for any data about spam web server > >> IP addresses. :-) > > > I've seen the same domain being used for several months. > > Thanks much for the feedback. Can you cite some persistent > spam domains? 530000x.com, 530000x.org, 530000x.net -- these stuck around for quite a while before being dropped. They're now almost definitely not around any more ;) > I'd like to check their histories against my data from SpamCop > reporting. We have enough history built up that I should be able > to see if they would have fallen off my lists at certain points > due to our relatively short expiration. I might be able to use > that information to tune the expirations better. > > > BTW I would suggest a TTL in the list of at least 1 month for reported > > URIs. If you're worried about FPs hanging around for long, provide a very > > easy removal method (e.g. web form or email). Don't bother trying to > > assess the spamminess or otherwise of the requester, just remove the URL > > ASAP (and log the action, of course). > > > Side issue: why use easy removal without questions? Spammers do not have > > the bandwidth to remove themselves from every list. If they *do* go to > > the bother, and a URL does get removed, then repeatedly crops up in spam > > again, it should be raised as an alarm -- and possibly brought to the > > notice of other people -- e.g. this list or others. > > > If it really is a spammy URL and the spammer just keeps removing it, I'd > > imagine the URL would be noted as such and quickly find its way into > > systems that *don't* offer easy removal. ;) If it isn't a spammy URL, > > then you've saved yourself a lot of FPs and annoyed users, without > > requiring much legwork on your part. > > > Basically the philosophy is to make it easy for anyone to remove an > > URL from the list. > > It's a useful approach to know about. I'm sure as I get more > experience I'll be better able to make judgements about what > can work best. It definitely helps to have input from the > "spam war veterans" so I appreciate it! np ;) - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFAbgDsQTcbUG5Y7woRApqKAKCmxonGVplkIyB6ddREeyM6aAKbfQCgmstl KP9y5iepKUnwPRff2sQF4E8= =aZTO -----END PGP SIGNATURE-----
