From: "Chris Santerre" <[EMAIL PROTECTED]>
> >-----Original Message-----
> >From: Loren Wilton [mailto:[EMAIL PROTECTED]
> >
> >>> If that statement is true, perhaps the surbl lists could
> >automatically
> >>> include the dotquads for hosts ****that are known to be
> >pure spam sources**** and
> >>> not mixed systems. Then the client could get the ip for a
> >suspect hostname
> >>> and see if it matched a known spam dotquad.
> >
> >> I'd swear this came up before. The one (slight?) problem
> >with this tactic is
> >> that you can have too many FPs if a spammer targets a legit hosting
> >> operation.
> >
> >I think there was a failure to read all the words in my
> >original post.
> >
> >I quite specifically suggested that listing ips should be
> >limited to hosts ****that are known to be pure spam
> >sources****. If the host is ****KNOWN**** to be purely spam
> >(ie: it is owned and run by the spammer), I fail completely to
> >see how matching on the known IP for that host can either
> >target or hit innocent bystanders; or indeed bystanders of any sort.
> >
> >It might be argued that making the determination that a host
> >is a pure spam host could be hard. This may well be true.
> >But despite that, I'd bet that Jeff or Chris could probably
> >list off a dozen or hundred or so hosts that they know quite
> >well serve nothing except spammer domains. I fail completely
> >to see how matching on the ip for these known hosts can do
> >anything but good, assuming the ip lookup is limited to the
> >resolved ips of urls found in the spam.
> >
> > Loren
>
> Loren is correct. And Jeff and I have had this conversation many times.
Jeff
> would rather not risk the FPs by doing it. I can see his point. But I
agree
> with Loren that we have IPs that are pure spam.
One tiny quibble. For each machine blocked there is perhaps one whole
internal site that is blocked as well. But it means that site is
throwing spam out to the universe and the company doing it or the
individual doing it should stop the practice or take back ownership
of their machine. THEY might consider themselves "innocent victims."
But it's the only way if they have one bad egg in their company or
an infected computer. Either way they really have no solid claim
on any innocence they may profess.
{^_^}
