Here's the original proposed announcement for the additional SURBL built from Bill's data. We can rename sa to sb or something else, but what other changes would anyone recommend before I post it to sa-users for example?
Jeff C. __ http://www.surbl.org/ (with some live links) New! More SURBL lists In addition to the first SpamCop URI-derived RBL sc.surbl.org, we are pleased to host another RBL compatible with the above plugins (or any other software that can check message body domains against an RBL). Data for the second SURBL sa.surbl.org comes from the domains in Bill Stearns' SpamAssassin blacklist: sa-blacklist. This is a large list of spam domains, including those found in spam message body URIs. Both sa.surbl.org and sc.surbl.org SURBLs can be used in the same SA installation by using two sets of rules. An SA 2.63 rule and score using SpamCopURI (but not the SpamCop data!) looks like this: uri SA_URI_RBL eval:check_spamcop_uri_rbl('sa.surbl.org','127.0.0.2') describe SA_URI_RBL URI's domain appears in spamcop database at sa.surbl.org tflags SA_URI_RBL net score SA_URI_RBL 4.0 An SA 3.0 rule and score using URIBL's urirhsbl looks like this: urirhsbl URIBL_SA_SURBL sa.surbl.org. A header URIBL_SA_SURBL eval:check_uridnsbl('URIBL_SA_SURBL') describe URIBL_SA_SURBL Contains a URL listed in the SA SURBL blocklist tflags URIBL_SA_SURBL net score URIBL_SA_SURBL 4.0 More details about sa.surbl.org are available in the section "Additional SURBLs for spam URI testing." ... Additional SURBLs for spam URI testing Additional SURBLs that list domains occurring in spam message bodies may be used with the same routines that use the sc.surbl.org RBL. sa-blacklist available as RBL: sa.surbl.org In cooperation with Bill Stearns, SURBL is making his sa-blacklist SpamAssassin blacklist available as the RBL sa.surbl.org. It can be used in the same way as sc.surbl.org, for example by adding urirhsbl and SpamCopURI rules as described in the Quick Start section at the top of this document. Like sc, sa.surbl.org is available through DNS and, for large-volume mail servers, as rsynced BIND and rbldns zone files. Raymond Dijkxhoorn has graciously agreed to host the sa.surbl.org zone files from his rsync server along with sc.surbl.org's. Please contact him at [EMAIL PROTECTED] for rsync access. Both sc and sa RBLs can be used in the same installation. The choice of using either or both or none is yours. Their data differs somewhat, and we'll try to briefly describe and link some of the differences here. Bill's list is rather large at about 9600 domains. It consists of domains found in spam message body URIs and some spam sender and spam operator domains. Given that the former are more relevant to isolate these days, most of the recent additions to Bill's list have been URI domains. Those are also the domains most relevant for use with the message body checking approach which we propose throughout this site. The data in sa-blacklist and therefore sa.surbl.org differ from the SpamCop URI report data described above in that the list is about ten times larger, more stable, and may have a slightly higher false positive rate. Bill's policy for inclusion and cleaning of the sa-blacklist is quite sound, however, so folks should feel comfortable giving this list a try in addition to the sc list. sa may currently have a higher spam detection rate than sc, but it's worth mentioning that the current sc is a working prototype and that we expect the performance of sc to improve as we tune the sc data engine further. sc just got out of the gate, yet it already has some worthy competition in sa. Thanks Bill! Because sa is larger and more stable, the zone files for it gets a six hour TTL compared to 10 minutes for sc. Due to the differences between the time scales, sizes, and data sources of sa and sc, we probably won't be offering a combined sa plus sc list. For example it would be difficult to say what TTL a merged list should get, and you probably would not want a megabyte plus BIND zone file refreshing every 10 minutes. For those using rsynced zone files that would probably not be an issue, but for those using BIND, the DNS traffic quite well could be. We encourage you to give sa.surbl.org a try. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
