Since URI are a subset of the SNF rulebase it's not unlikely that there would be quite a bit of overlap. The key differences would be that SNF does not use any network resources to look up the URI and SNF does not waste any time examining URI that are not known to be seen in spam --
One of the countermeasures spammers use against SURBL is to include a large number of URI that point to legitimate sources. SURBL type mechanisms have no way of knowing which URI are legitimate and which ones may be "payload" so they waste a good deal of effort looking up URI that don't matter (often with ratios of 10:1 or more). SNF already knows what it is looking for and it ignores the rest. The use of URI data for tagging spam is always very effective. We've used it since the beginning :-) _M On Tuesday, December 28, 2004, 10:14:47 AM, Markus wrote: MG> based on 10, 100 or 1000 messages? MG> � MG> Markus MG> From: [EMAIL PROTECTED] MG> [mailto:[EMAIL PROTECTED] On Behalf Of Frederick MG> Samarelli MG> Sent: Tuesday, December 28, 2004 4:03 PM MG> To: [email protected] MG> Subject: Re: [Declude.JunkMail] URI Blacklist External MG> Program Beta Now Posted For Download MG> It looks like it may be a redundant test to sniffer. MG> � MG> Everything INV-URIBL catches so does SNIFFER. MG> � MG> Fred MG> ----- Original Message ----- MG> From: Darrell ([EMAIL PROTECTED]) MG> To:[email protected] MG> Sent: Monday, December 27, 2004 10:32 PM MG> Subject: [Declude.JunkMail] URI Blacklist External MG> Program Beta Now Posted For Download MG> We have released a public�beta of our URI�lookup tool at MG> http://www.invariantsystems.com/invuribl/default.htm.��In MG> addition, we have�posted some stats on how effective the tool is MG> on our system at MG> http://www.invariantsystems.com/invuribl/stats.htm. MG> � MG> For a more detailed description on the tool please see MG> the below message or send me a note with any questions. MG> Darrell MG> ----- Original Message ----- MG> From: Darrell ([EMAIL PROTECTED]) MG> To:[email protected] MG> Sent: Wednesday, December 22, 2004 11:13 PM MG> Subject: URI Blacklist External Program MG> We have wrote an external application that extracts MG> URI's�from a message and checks them�against a URI MG> Blacklist.�For those not familar with URI blacklists here MG> is how the folks at surbl.org describe it. MG> � MG> "Surbl�blacklists�differ from most other RBLs in that MG> they're used to detect spam based on message body URIs (usually MG> web sites). Unlike most other RBLs, SURBLs are not used to MG> block spam senders. Instead they allow you to block messages that MG> have spam domains which occur in message bodies. " MG> � MG> We have been running this application in production MG> for the last�week against multi.surbl.org.� We have also MG> tested the application against several of the other SURBL lists MG> with the same level of�sucess. MG> � MG> If you are interested in testing or running the MG> software please join the following list MG> [EMAIL PROTECTED] During the MG> beta period this is where we will be communicating about the MG> application.� For some of the applications basic features and MG> implementation requirements please see MG> http://www.invariantsystems.com/invuribl/default.htm.� We MG> expect to release a beta version within the next couple MG> days. MG> � MG> If you would like any additional information prior to MG> joining the list please let me know, MG> Darrell MG> � MG> ------------------------------------------- MG> Check out http://www.invariantsystems.com for utilities for MG> Declude And Imail.� IMail/Declude Overflow Queue MG> Monitoring, MRTG Integration, and Log Parsers. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
