Return-Path: Delivered-To: apmail-incubator-spamassassin-dev-archive@www.apache.org Received: (qmail 53327 invoked from network); 3 Apr 2004 00:10:35 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 3 Apr 2004 00:10:35 -0000 Received: (qmail 66810 invoked by uid 500); 3 Apr 2004 00:10:21 -0000 Delivered-To: apmail-incubator-spamassassin-dev-archive@incubator.apache.org Received: (qmail 66615 invoked by uid 500); 3 Apr 2004 00:10:20 -0000 Mailing-List: contact spamassassin-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: list-post: List-Id: "SpamAssassin Development" Delivered-To: mailing list spamassassin-dev@incubator.apache.org Received: (qmail 66595 invoked from network); 3 Apr 2004 00:10:19 -0000 Received: from unknown (HELO amgod.boxhost.net) (195.218.96.101) by daedalus.apache.org with SMTP; 3 Apr 2004 00:10:19 -0000 Received: from radish.jmason.org (localhost [127.0.0.1]) by amgod.boxhost.net (Postfix) with ESMTP id 75263310235; Sat, 3 Apr 2004 01:10:44 +0100 (IST) Received: by radish.jmason.org (Postfix, from userid 1000) id CBBCA59001D; Fri, 2 Apr 2004 16:10:21 -0800 (PST) Received: from jmason.org (localhost [127.0.0.1]) by radish.jmason.org (Postfix) with ESMTP id C44F057C056; Fri, 2 Apr 2004 16:10:21 -0800 (PST) To: Jeff Chan Cc: SpamAssassin Developers Subject: Re: Announcing SpamCopURI 0.08 support of SURBL for spam URI domain tests In-Reply-To: <384520781.20040402155231@supranet.net> From: jm@jmason.org (Justin Mason) X-Gpg-Key-Fingerprint: 0A48 2D8B 0B52 A87D 0E8A 6ADD 4137 1B50 6E58 EF0A X-Habeas-Swe-1: winter into spring X-Habeas-Swe-2: brightly anticipated X-Habeas-Swe-3: like Habeas SWE (tm) X-Habeas-Swe-4: Copyright 2002 Habeas (tm) X-Habeas-Swe-5: Sender Warranted Email (SWE) (tm). The sender of this X-Habeas-Swe-6: email in exchange for a license for this Habeas X-Habeas-Swe-7: warrant mark warrants that this is a Habeas Compliant X-Habeas-Swe-8: Message (HCM) and not spam. Please report use of this X-Habeas-Swe-9: mark in spam to . Date: Fri, 02 Apr 2004 16:10:20 -0800 Sender: jm@jmason.org Message-Id: <20040403001021.CBBCA59001D@radish.jmason.org> X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeff Chan writes: > On Friday, April 2, 2004, 3:27:13 PM, Justin Mason wrote: > > Jeff Chan writes: > >> Does anyone have any data about the persistence of spam URI > >> domains? I'll even settle for any data about spam web server > >> IP addresses. :-) > > > I've seen the same domain being used for several months. > > Thanks much for the feedback. Can you cite some persistent > spam domains? 530000x.com, 530000x.org, 530000x.net -- these stuck around for quite a while before being dropped. They're now almost definitely not around any more ;) > I'd like to check their histories against my data from SpamCop > reporting. We have enough history built up that I should be able > to see if they would have fallen off my lists at certain points > due to our relatively short expiration. I might be able to use > that information to tune the expirations better. > > > BTW I would suggest a TTL in the list of at least 1 month for reported > > URIs. If you're worried about FPs hanging around for long, provide a very > > easy removal method (e.g. web form or email). Don't bother trying to > > assess the spamminess or otherwise of the requester, just remove the URL > > ASAP (and log the action, of course). > > > Side issue: why use easy removal without questions? Spammers do not have > > the bandwidth to remove themselves from every list. If they *do* go to > > the bother, and a URL does get removed, then repeatedly crops up in spam > > again, it should be raised as an alarm -- and possibly brought to the > > notice of other people -- e.g. this list or others. > > > If it really is a spammy URL and the spammer just keeps removing it, I'd > > imagine the URL would be noted as such and quickly find its way into > > systems that *don't* offer easy removal. ;) If it isn't a spammy URL, > > then you've saved yourself a lot of FPs and annoyed users, without > > requiring much legwork on your part. > > > Basically the philosophy is to make it easy for anyone to remove an > > URL from the list. > > It's a useful approach to know about. I'm sure as I get more > experience I'll be better able to make judgements about what > can work best. It definitely helps to have input from the > "spam war veterans" so I appreciate it! np ;) - --j. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFAbgDsQTcbUG5Y7woRApqKAKCmxonGVplkIyB6ddREeyM6aAKbfQCgmstl KP9y5iepKUnwPRff2sQF4E8= =aZTO -----END PGP SIGNATURE-----