On Monday, August 16, 2004, 6:18:10 AM, Bob Apthorpe wrote:
> On Mon, 16 Aug 2004 08:12:03 -0400 Jeff Koch <[EMAIL PROTECTED]> wrote:
>> What methodology is being used here:
>>
>> - Web sites contained in the message body are checked against network
>> databases of domains that advertise with spam.
>>
>> Are we doing a lookup of the advertised domain name against network
>> databases or are we looking up the IP and matching against that?

> Domain name, not IP address. That entry refers to the following:

> " - URIDNSBL rules. These do DNSBL lookups on URLs, allowing URLs found
> in the message body to be used in spam determination. Added the SURBL
> blocklist (http://www.surbl.org/)."

There are two different sets of functions within the SpamAssassin 3.0
URIDNSBL module:

1. uridnsbl - looks up nameservers of a URI domain and compares
them against sbl.spamhaus.org. In other words, it detects domains
served by spammy name servers. Quite effective against domains
that are registered in bulk and controlled by the same spam
gangs.

2. urirhsbl and urirhssub - looks up domains and IP addresses
in SURBL lists. In other words, it detects domains and a few IP
addresses that have already occurred in spams. Effective against
known spam.

For more information about SURBLs, please see:

http://www.surbl.org/

Hope this helps,

Jeff C.
--
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
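
The two lookup styles described in the message above, as an added example (not part of the original message and not SpamAssassin's own code) that builds the DNS names each style would query. Assumptions: the `multi.surbl.org` zone name, the two-label base-domain shortcut, the usual reversed-octet DNSBL convention for IPs, and the hypothetical `resolve_ns`/`resolve_a` callables standing in for a real resolver.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def uri_hosts(body):
    """Unique hosts of the http(s) URLs found in a message body."""
    hosts = []
    for url in URL_RE.findall(body):
        host = (urlsplit(url).hostname or "").rstrip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def is_ipv4(host):
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False

def reverse_ip(ip):
    return ".".join(reversed(ip.split(".")))

def base_domain(host):
    # Simplification (assumption): keep the last two labels; a real checker
    # needs a list of two-level TLDs (co.uk and the like).
    return ".".join(host.split(".")[-2:])

def rhsbl_query(host, zone):
    """urirhsbl style: the URI's own domain (or reversed IP) under the zone."""
    key = reverse_ip(host) if is_ipv4(host) else base_domain(host)
    return f"{key}.{zone}"

def ns_dnsbl_queries(host, zone, resolve_ns, resolve_a):
    """uridnsbl style: reversed IPs of the domain's nameservers under the zone."""
    if is_ipv4(host):
        return []  # an IP literal has no nameservers to check
    return [f"{reverse_ip(ip)}.{zone}"
            for ns in resolve_ns(base_domain(host)) for ip in resolve_a(ns)]

# Constructed sample data: reserved .example names and documentation IPs.
SAMPLE_BODY = "Cheap meds at http://www.pills.example/offer or http://192.0.2.7/x today"
FAKE_NS = {"pills.example": ["ns1.bulkdns.example"]}
FAKE_A = {"ns1.bulkdns.example": ["192.0.2.10"]}

if __name__ == "__main__":
    for h in uri_hosts(SAMPLE_BODY):
        print(h, rhsbl_query(h, "multi.surbl.org"),
              ns_dnsbl_queries(h, "sbl.spamhaus.org",
                               lambda d: FAKE_NS.get(d, []), lambda n: FAKE_A.get(n, [])))
```

A listing is then signalled by whether the built name resolves; the second style can flag a freshly registered domain that no URI list has seen yet, as long as its nameservers are already listed.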
