Thanks, Pete. I was thinking that Sniffer's l33t ninja skillz would be well-used for searching a large corpus of URIs, particularly the current bout of spammers you and I mentioned before Xmas (the ones that are specifying the domain name, not a URL, and which Sniffer is catching because of the consistent instructions, regardless of the dynamically changing domain names), as a URI filter might miss them because of obfuscation, or might miss the real payload. Sniffer would catch these URIs, because it only cares about tokenized text, not whether that text was detected in a URL.
There would still be a place for both SURBL lookups and Sniffer in that scenario, because they are refreshed on different schedules and have independent spamtraps feeding them. I wasn't thinking about Sniffer incorporating a real-time lookup; I agree with your direction for the product. For the reason you cited, I'll go a little further and say that Sniffer would have to really break out in a new direction to be worth implementing a real-time lookup of some sort. Andrew 8) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pete McNeil Sent: Monday, January 10, 2005 4:58 PM To: Colbeck, Andrew Subject: Re[2]: [sniffer] Sniffer and SURBL On Monday, January 10, 2005, 7:17:29 PM, Andrew wrote: CA> Pete, I thought that you had said at one point that SortMonster CA> fetches one or more SURBL zones and incorporates those as spam data CA> for Message Sniffer? CA> It seems like a great idea to me. But then, from my distance, a lot CA> of things look like a good idea for someone else to implement! That's not exactly how it works - What we do is that our robots will look at some of the messages that hit our spamtraps and if they find a URI that looks like a good choice they will cross check it with SURBL. More often than not we've already got the URI coded from our manual work, but this robotic mechanism allows the rulebase to keep up minute by minute - and since the email triggering this work has come in through one of our spamtraps, it acts like an extra check - so those listings that we do have tend to be very solid. At some point we may bolt on some additional real-time lookups like SURBL etc... but we don't have plans for that just yet, and most installations already have these tools employed in other mechanisms they are running, so it would be redundant for us to add it - at least at this point. Hope this helps, _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html