Keith C. Ivey wrote to [EMAIL PROTECTED]:
> Don't forget this:
>
> [ ... snip more examples of ways spammers could trivially poison any
> kind of automatic URI retrieval ... ]
Yes, there are plenty of ways to poison URI blocklists, *if* the spam
URIs are automatically retrieved from the email.
We don't trust auto-classification of content to build corpuses for
scoring and new rules (they must be hand-classified by someone to be
useful)... so why would we trust auto-classification of URIs for
inclusion in the SURBL lists?
SURBLs are based on user submissions of *URIs* found in spam messages,
not the messages themselves. See
http://www.rulesemporium.com/cgi-bin/uribl.cgi?report=1
The SpamCop list gets its information from a different source, but it is
still based on the user submission of URIs.
Outblaze does seem to do some more "automatic" filtering. This bothered
me a bit: "For any domain found in these [spam trap] emails, we check
for 'new' and if so, its blocked." Thus, I score Outblaze quite a bit
lower, and watch it for FPs.
Now I'm going to do something useful and hand-classify the URIs in 1,200
spam messages I found from the last day or so that don't exist in SURBL
rules. :-)
- Ryan
--
Ryan Thompson <[EMAIL PROTECTED]>
SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
