On Tuesday, August 3, 2004, 5:47:57 AM, Albert Whale wrote: > Jeff Chan wrote:
>>Well first, SURBLs don't have many IP addresses. Most entries >>in the lists are domain names. > Most Phishers are based on IP Addresses. Is the SURBL a Good Match, Yes, our phishing data have disproportionately more IP addresses than the regular spam web site data do. >>Second it doesn't take "a few million" messages for an entry >>to get onto a SURBL list. For some of the lists it requires >>only one to be detected. Please see the Lists document on >>our site for more information: > Well, I say a Few million get out of the Phishers, before someone > reports it. I want to detect it, and stop it before needing to rely on > a first responder acting on behalf of someone else. I guess I am > looking for this new Detection tool to be the First Responder. Remember though that there are several sources of data for SURBLs. Some of the data sources such as the OutBlaze spam traps probably pick up phishing spams pretty quickly, along with other kinds of spams. Spamtrap processing is probably all automatic and pretty fast. There are spamtraps feeding into WS also. > This certainly is NOT going to replace the lists in the SURBL, but is > may also permit that this detection could 'feed' data into the SURBL. If you develop a good phishing data source we would be interested in carrying it in a SURBL. > Back to a previous point. Since most Phishers are using IP Addresses in > the Web Link, is there an existing test for this, or do I need to > develop it? SURBLs handle both domains and IP addresses currently. No new coding is needed for that. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
