spamassassin-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From j.@jmason.org (Justin Mason)
Subject Re: Announcing SpamCopURI 0.08 support of SURBL for spam URI domain tests
Date Sat, 03 Apr 2004 00:10:20 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Jeff Chan writes:
> On Friday, April 2, 2004, 3:27:13 PM, Justin Mason wrote:
> > Jeff Chan writes:
> >> Does anyone have any data about the persistence of spam URI
> >> domains?  I'll even settle for any data about spam web server
> >> IP addresses.  :-)
> 
> > I've seen the same domain being used for several months.
> 
> Thanks much for the feedback. Can you cite some persistent
> spam domains?

530000x.com, 530000x.org, 530000x.net -- these stuck around
for quite a while before being dropped.   They're now almost
definitely not around any more ;)

> I'd like to check their histories against my data from SpamCop
> reporting.  We have enough history built up that I should be able
> to see if they would have fallen off my lists at certain points
> due to our relatively short expiration.  I might be able to use
> that information to tune the expirations better.
> 
> > BTW I would suggest a TTL in the list of at least 1 month for reported
> > URIs.  If you're worried about FPs hanging around for long, provide a very
> > easy removal method (e.g. web form or email). Don't bother trying to
> > assess the spamminess or otherwise of the requester, just remove the URL
> > ASAP (and log the action, of course).
> 
> > Side issue: why use easy removal without questions? Spammers do not have
> > the bandwidth to remove themselves from every list.  If they *do* go to
> > the bother, and a URL does get removed, then repeatedly crops up in spam
> > again, it should be raised as an alarm -- and possibly brought to the
> > notice of other people -- e.g. this list or others.
> 
> > If it really is a spammy URL and the spammer just keeps removing it, I'd
> > imagine the URL would be noted as such and quickly find its way into
> > systems that *don't* offer easy removal. ;)  If it isn't a spammy URL,
> > then you've saved yourself a lot of FPs and annoyed users, without
> > requiring much legwork on your part.
> 
> > Basically the philosophy is to make it easy for anyone to remove an
> > URL from the list.
> 
> It's a useful approach to know about.  I'm sure as I get more
> experience I'll be better able to make judgements about what
> can work best.  It definitely helps to have input from the
> "spam war veterans" so I appreciate it!

np ;)

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFAbgDsQTcbUG5Y7woRApqKAKCmxonGVplkIyB6ddREeyM6aAKbfQCgmstl
KP9y5iepKUnwPRff2sQF4E8=
=aZTO
-----END PGP SIGNATURE-----


Mime
View raw message