[sniffer] Sniffer and SURBL

2005-01-10 Thread Phillip Cohen
How do you use both Sniffer and SURBL together? What else is required?
Phil
This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html


Re: [sniffer] Sniffer and SURBL

2005-01-10 Thread Pete McNeil
On Monday, January 10, 2005, 3:05:18 PM, Phillip wrote:

PC> How do you use both Sniffer and SURBL together? What else is required?

On most platforms SNF is integrated through, or in front of other
anti-spam / anti-virus software. For example, SNF is frequently placed
in front of SpamAssassin, or integrated with IPswitch products through
Declude or mxGuard.

These tools now include a way to leverage SURBL and other URI based
blocking lists.

There is no way for SNF to directly tie into SURBL or any other
blocking list at this time.

Hope this helps,
_M






Re[2]: [sniffer] Sniffer and SURBL

2005-01-10 Thread Pete McNeil
On Monday, January 10, 2005, 7:17:29 PM, Andrew wrote:

CA> Pete, I thought that you had said at one point that SortMonster fetches
CA> one or more SURBL zones and incorporates those as spam data for Message
CA> Sniffer?

CA> It seems like a great idea to me.  But then, from my distance, a lot of
CA> things look like a good idea for someone else to implement!

That's not exactly how it works -

What we do is that our robots will look at some of the messages that
hit our spamtraps and if they find a URI that looks like a good choice
they will cross check it with SURBL.

More often than not we've already got the URI coded from our manual
work, but this robotic mechanism allows the rulebase to keep up minute
by minute - and since the email triggering this work has come in
through one of our spamtraps, it acts like an extra check - so those
listings that we do have tend to be very solid.

At some point we may bolt on some additional real-time lookups like
SURBL etc... but we don't have plans for that just yet, and most
installations already have these tools employed in other mechanisms
they are running, so it would be redundant for us to add it - at least
at this point.

Hope this helps,
_M
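
The spamtrap cross-check described in the message above, sketched as an added example; it is not SortMonster's code and not part of the original thread. It assumes SURBL's public `multi.surbl.org` zone and an injectable resolver; the function names, sample messages and fake zone data are hypothetical and constructed for illustration.

```python
import re
import socket

SURBL_ZONE = "multi.surbl.org"   # SURBL's combined zone
URI_HOST = re.compile(r"https?://(?:[^/\s@]*@)?([a-z0-9.-]+)", re.I)

def candidate_domains(message):
    """Base domains of URIs in a message body; IP-literal hosts are skipped."""
    found = []
    for host in URI_HOST.findall(message):
        if re.fullmatch(r"[0-9.]+", host):   # IP literal, not a domain
            continue
        # Assumption: the last two labels approximate the registered domain;
        # production clients also consult a two-level-TLD list.
        domain = ".".join(host.lower().rstrip(".").split(".")[-2:])
        if domain not in found:
            found.append(domain)
    return found

def dns_resolve(name):
    """A records for name, or [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def surbl_listed(domain, resolve=dns_resolve):
    """Listed means an answer 127.0.0.N with N >= 2; N is a bitmask of lists."""
    for answer in resolve(f"{domain}.{SURBL_ZONE}"):
        octets = answer.split(".")
        if octets[:3] == ["127", "0", "0"] and int(octets[3]) >= 2:
            return True
    return False

def new_rule_candidates(trap_messages, already_coded, resolve=dns_resolve):
    """Domains seen in trap mail, not yet coded, and confirmed by SURBL."""
    confirmed = []
    for message in trap_messages:
        for domain in candidate_domains(message):
            if (domain not in already_coded and domain not in confirmed
                    and surbl_listed(domain, resolve)):
                confirmed.append(domain)
    return confirmed

# Constructed sample data: reserved .example names and a fake zone answer set.
FAKE_ZONE = {"cheap-meds.example.multi.surbl.org": ["127.0.0.64"]}
TRAP = ["Buy now http://www.cheap-meds.example/x?id=1 or http://192.0.2.7/a",
        "Newsletter: http://news.shop.example/ and http://old-spam.example/"]
def fake_resolve(name): return FAKE_ZONE.get(name, [])
```

Because a domain has to appear in trap mail and also be confirmed by SURBL before it becomes a candidate, two independent signals must agree, which is the "extra check" the message refers to.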






RE: Re[2]: [sniffer] Sniffer and SURBL

2005-01-10 Thread Colbeck, Andrew
Thanks, Pete.

I was thinking that Sniffer's l33t ninja skillz would be well-used for
searching a large corpus of URIs, particularly the current bout of
spammers you and I mentioned before Xmas (the ones that are specifying
the domain name, not a URL, and which Sniffer is catching because of the
consistent instructions, regardless of the dynamically changing domain
names), as a URI filter might miss them because of obfuscation, or might
miss the real payload.  Sniffer would catch these URIs, because it only
cares about tokenized text, not whether that text was detected in a URL.

There would still be a place for both SURBL lookups and Sniffer in that
scenario, because they are refreshed on different schedules and have
independent spamtraps feeding them.

I wasn't thinking about Sniffer incorporating a real-time lookup; I
agree with your direction for the product.  For the reason you cited,
I'll go a little further and say that Sniffer would have to really break
out in a new direction to be worth implementing a real-time lookup of
some sort.

Andrew 8)
