spamassassin-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Chan <>
Subject Re: Good Job Guys!!! - SpamCopURI
Date Sun, 04 Apr 2004 04:31:23 GMT
On Saturday, April 3, 2004, 8:04:39 PM, Marc Perkel wrote:
> I've been doing something like this for the last 2 years - but I've 
> built my own list and having to use Exim tricks to make it work. 
> Nonetheless - it was my best rule.

> Having said that - this new one works better. I'm sure that's because it 
> has a bigger URI list. So - just wanted to say - GOOD JOB! And - this 
> rule seriously moves SA forward a LOT!

Hi Marc,
Thanks for your feedback and kind words.  Do you happen to
have any stats handy that we could use to help convince people
to give this a try?

By the way, we had noticed your earlier comment on bugzilla that
your hand built URI lists were working well against spams:

> I've made some rules that blacklist based on specific hand build
> URIs and with about 150 that I test for I am really catching a lot of 
> spam and the accuracy of what is caught is almost 100%. I REALLY think 
> that the ability to somehow automatically generate a blacklist of URIs 
> of spam links will be a very effective spam control tool.

That was part of our justification for thinking this was a good
idea, so we owe you thanks for your earlier support of the idea.

We also owe Daniel Quinlan some thanks for responding in comment
#7 that setting up a new spam domain RBL would be a good way to
do this, which is what we did:   :-)

> Maintaining such a list inside of SpamAssassin is the wrong way to go.
> We can only afford to list URLs/hostnames that are particularly
> frequent.  The URLs change frequently, would need to be very numerous to
> be much more effective than what we have now, and we don't have the
> capacity to maintain so many.
> The best route would be for someone to create a new RBL (a domain-based
> one) with spam domains.  Perhaps even one that provided for some way to
> do look-ups of full or partial URIs (some type of encoding to allow URIs
> to be expressed in hostnames).  The list would need maintenance,
> specific policies for listing/delisting, etc. -- the usual stuff.

RBLs are pretty much for domains or IPs, so we're not doing
URIs (has anyone made an RBL serving up URIs?), but we feel
these domains can be powerful indicators of spam.

We expect to do some more tuning of the way the data is handled,
and I am building a new system to produce SURBL which will be more
streamlined and handle some new features.  We're also taking
advantage of some improvements in the data feed from SpamCop.

The current system will continue to run until the new one tests
well in parallel for a while.  Then we'll cut over to the new
system.  SURBL users should notice no difference other than
more persistence of larger spam domains, and probably more
domains on the list with no major increase in false positives.

Thanks again,

Jeff C.
Jeff Chan

View raw message