On Friday, June 3, 2005, 3:47:05 AM, Loren Wilton wrote: >>> If that statement is true, perhaps the surbl lists could automatically >>> include the dotquads for hosts ****that are known to be pure spam >>> sources**** and >>> not mixed systems. Then the client could get the ip for a suspect hostname >>> and see if it matched a known spam dotquad.
>> I'd swear this came up before. The one (slight?) problem with this tactic >> is >> that you can have too many FPs if a spammer targets a legit hosting >> operation. > I think there was a failure to read all the words in my original post. > I quite specifically suggested that listing ips should be limited to hosts > ****that are known to be pure spam sources****. If the host is ****KNOWN**** > to be purely spam (ie: it is owned and run > by the spammer), I fail completely to see how matching on the known IP for > that host can either target or hit innocent bystanders; or indeed bystanders > of any sort. > It might be argued that making the determination that a host is a pure spam > host could be hard. This may well be true. But despite that, I'd bet that > Jeff or Chris could probably list off a dozen > or hundred or so hosts that they know quite well serve nothing except spammer > domains. I fail completely to see how matching on the ip for these known > hosts can do anything but good, assuming the > ip lookup is limited to the resolved ips of urls found in the spam. > Loren It's possible to say some IPs are used in a lot of spam. Is it possible to say those IPs are only used in spam? Sure... if we were omniscient. ;-) Otherwise we don't know for certain whether there are innocent bystanders there. It's probably safer to list the URIs that are actually seen in spams than to blacklist IPs or networks. The question then becomes how to get them listed quickly, and if you see the link I provided you will note that we have a strategy for that which we will be trying RSN: http://www.surbl.org/faq.html#numbered Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
