>> If that statement is true, perhaps the surbl lists could automatically
>> include the dotquads for hosts ****that are known to be pure spam
>> sources**** and
>> not mixed systems. Then the client could get the ip for a suspect hostname
>> and see if it matched a known spam dotquad.
> I'd swear this came up before. The one (slight?) problem with this tactic is
> that you can have too many FPs if a spammer targets a legit hosting
> operation.
I think there was a failure to read all the words in my original post.
I quite specifically suggested that listing ips should be limited to hosts
****that are known to be pure spam sources****. If the host is ****KNOWN****
to be purely spam (ie: it is owned and run by the spammer), I fail completely
to see how matching on the known IP for that host can either target or hit
innocent bystanders; or indeed bystanders of any sort.
It might be argued that making the determination that a host is a pure spam
host could be hard. This may well be true. But despite that, I'd bet that
Jeff or Chris could probably list off a dozen or hundred or so hosts that they
know quite well serve nothing except spammer domains. I fail completely to see
how matching on the ip for these known hosts can do anything but good, assuming
the ip lookup is limited to the resolved ips of urls found in the spam.
Loren
