Re: [Declude.JunkMail] Topica and SBL

[Matt]

This took actual research to figure out :)  Topica is absolutely a spam house, and I wouldn't be at all surprised to see them populating their database with addresses and list demographics from Topica.com.  Many of the lists that Topica sends out are auto-subscribed to by a bot that they operate, so they are merely re-distributing much of the content. Here's the SBL evidence file for the main Topica block: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL12236 Here's one of their blocks that I have blacklisted: http://www.senderbase.org/search?searchString=66.180.244.0%2F25 Here's a nice evidence file from Google:     http://groups.google.com/groups?q=topica.com+group:*abuse*&start=10&hl=en&lr=&ie=UTF-8&scoring=d&selm=e1e3rvkq62pvs1mi997tamhk701s571m5a%40thor.wirehub.nl&rnum=12 Here's what happens with their unconfirmed list subscriptions (4-9 year old child porn list memberships):     http://groups.google.com/groups?q=topica.com+group:*abuse*&start=20&hl=en&lr=&ie=UTF-8&scoring=d&selm=200310170813.h9H8DauA024020%40jupiter.gwalter.demon.co.uk&rnum=22 The SBL listing as well as Google Groups suggests strongly that they are using their list business as a part of their address collection, or in the very least they don't hardly at all practice a foolproof method of verifying memberships in their lists as fake addresses get subscribed, and on person even complained about getting subscribed to something like 28 of their lists all at once as suspected retribution for something, hearsay of course, but there's lots more, 5,480 matches in abuse newsgroups in fact. Topica -> http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&scoring=d&q=Topica+group%3A*abuse*&btnG=Google+Search And some other abuse newsgroup hits: tpca.net -> http://groups.google.com/groups?scoring=d&q=tpca.net+group:*abuse* servitall.com -> http://groups.google.com/groups?scoring=d&q=Servitall.com+group:*abuse* pl00.com -> http://groups.google.com/groups?scoring=d&q=pl00.com+group:*abuse* These guys clearly front their listserv business as a way to enable their spam operations, and spamming listserv operators take advantage of their policies in order to gain entry into your system.  How could you possibly want to let this stuff into your server? As far as the other SBL FP's that you said you have relating to personal E-mail, I'd be very curious as to what the SBL listing said in relation.  SBL has an FP rate that far exceeds my own on my system.  I'd drop them substantially in weighting if I felt that their standards were lacking. Matt Bill Landry wrote: Matt, legitimate messages are legitimate no matter the source that they come from, would you not agree with this?  You would have deleted all of these messages, as well the other dozen or so legitimate personal messages I found.  I don't see any credibility in your position here that it is okay to delete legitimate messages based on where they are delivered from.   Bill ----- Original Message ----- From: Matt To: [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 9:45 AM Subject: Re: [Declude.JunkMail] SpamD/SpamC for Declude Bill, It appears that your entire list is from one source, Topica. Search the archives for a discussion of Topica, how their lack of message list verification results in lots of spam, and how they are also a spam house, even sending spam from the same block of IP's.  I thought this was an FP at first, but this is more of the malware variety.  There's a good reason for Topica to be listed.  I've explained this one caveat many times here, but a spam house is a spam house in my book. You should have explained with your stats how these were mostly or even all from the same source :) Matt Bill Landry wrote: ----- Original Message ----- From: Matt I think that I've pointed out the caveats many times over on blocking with SBL. SBL is though more accurate than my system as a whole, and I have never seen a true false positive with it. I've asked this several times; has anyone ever seen a false positive with SBL? I've not ever received a single reply to that question, though this is the 3rd time I've asked it now. Because people didn't respond doesn't mean anything. All RBLs produce false-positives. How could they not, they are run by humans. I think your advice is well founded, however it is a generalization and exceptions may apply. There are no exceptions when it comes to anything run by humans, there WILL be errors. Just from yesterdays logs, legitimate mailing list messages blocked by SBL: 20 Subject: RE: [MS SMS] What are YOU doing to remove spyware? 2004 Edition 19 Subject: RE: [MS SMS] OT: Football 12 Subject: RE: [myOT] Alias 10 Subject: RE: [MS SMS] SMS 2003: WMI 9 Subject: RE: [MS SMS] Installing a DP over the wire..... 9 Subject: RE: [myOT] MMS 2004 7 Subject: RE: [MS SMS] VBS Question 6 Subject: RE: [myOT] Stargate season opener tonight... 5 Subject: RE: [MS SMS] Central Site 5 Subject: RE: [MS SMS] Error in scan tool 4 Subject: RE: [MS SMS] ROI for 2003 4 Subject: RE: [MS SMS] SMS 2: Clients failed to connect to APM server 4 Subject: RE: [MS SMS] XP clients 3 Subject: RE: [MS SMS] SMS and Tablet PC 3 Subject: RE: [MS SMS] SMS on VMWare 3 Subject: RE: [MS SMS] SMS2003 - How to re-trigger advertisement on client 2 Subject: RE: [MS SMS] MakeColl.exe for SMS 2003? 2 Subject: RE: [MS SMS] OT: Anyone from the UK going to the MMS? 2 Subject: RE: [MS SMS] OT: Read Receipts on List messages 2 Subject: RE: [MS SMS] SMS SUSFP Updates 2 Subject: [MS SMS] XP clients 1 Subject: RE: [myOT] New Bill and Monica pics... 1 Subject: RE: [MS SMS] advanced client prestaging 1 Subject: RE: [MS SMS] FW: Clarification on recent email from Shavlik Technologies 1 Subject: RE: [MS SMS] FW: Clarification on recent email from Shavlik Technologies 1 Subject: RE: [MS SMS] FW: Clarification on recent email from Shavlik Technologies 1 Subject: RE: [MS SMS] Security scan tool upgrade 1 Subject: RE: [MS SMS] SMS 2003 MP problem 1 Subject: RE: [MS SMS] SMS Office Updates 1 Subject: RE: [MS SMS] SUS Distribute software updates wizard doesn't show up 1 Subject: NWCYCLING: FW: 2004 Mt. Hood Cycling Classic 1 Subject: NWCYCLING: USCF Rulebook 2004 Changes - online 1 Subject: NWCYCLING: WSBA Junior Informational Meeting Tonight 1 Subject: MEDITECH Issue PP #3714704 - Open 1 Subject: [partb-l] HCPCS codes 1 Subject: [NPinfo] Interesting article on the physician shortage. 1 Subject: [myOT] Test 1 Subject: [myOT] Alias 1 Subject: [MS SMS] VBS Question 1 Subject: [MS SMS] SUS Distribute software updates wizard doesn't show up 1 Subject: [MS SMS] SMS2003 - How to re-trigger advertisement on client 1 Subject: [MS SMS] SMS Office Updates 1 Subject: [MS SMS] SMS and Tablet PC 1 Subject: [MS SMS] SMS 2003: WMI 1 Subject: [MS SMS] SMS 2003 Bug 1 Subject: [MS SMS] ROI for 2003 1 Subject: [MS SMS] Query help needed 1 Subject: [MS SMS] OT: Read Receipts on List messages 1 Subject: [MS SMS] OT: Guest Account 1 Subject: [MS SMS] OT: Anyone from the UK going to the MMS? 1 Subject: [MS SMS] MakeColl.exe for SMS 2003? 1 Subject: [MS SMS] Installing a DP over the wire..... 1 Subject: [MS SMS] Holy Replicating Servers Batman! 1 Subject: [MS SMS] Couple backup questions 1 Subject: [MS SMS] Central Site 1 Subject: [MS SMS] Adobe Acrobat 6 Deployment I also found at least a dozen personal messages that were flagged by SBL, but were delivered anyway because of the way we weight our tests. Again, this is just from yesterday. Instead of applying a huge weight to a single test, why not apply a small weight to may tests? That way you at least get corroboration from multiple tests, thus negating the human factor. Bill --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ ===================================================== -- ===================================================== MailPure custom filters for Declude JunkMail Pro. http://www.mailpure.com/software/ =====================================================