Re: Plugin for URL shorteners / redirects

2009-05-27 Thread Jeff Chan
On Wednesday, May 27, 2009, 1:39:11 AM, Justin Mason wrote: Yes. it immediately exposes a backchannel from the spam to the spammer, thereby enabling a number of interesting security holes. --j. Yes, it's impractical for some of the reasons Rob mentions, and it would also allow any of the

Re: Plugin for URL shorteners / redirects

2009-05-27 Thread Jeff Chan
a link for some known spam URLs. I suspect they are indeed doing SURBL lookups. Hope I didn't end up blacklisting myself :-} Yes, tinyurl and several other URL shortening services use SURBL data to fight abuse of their services: http://www.surbl.org/redirect.html Jeff C. -- Jeff Chan mailto:je

Re: The ninjas have left the building (was Re: [Sare-users] painting everybody in Taiwan with the same brush)

2010-01-31 Thread Jeff Chan
As I understand it, as soon as rules are published, some of the senders of unsolicited messages immediately change their behavior to defeat or bypass the rules, so publishing them is somewhat counterproductive. Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: URIWhois plugin

2007-09-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: Dears, well, I just did version 0.01 of the URIWhois plugin. Its purpose is mainly to detect some spam containing URIs to sites in brand-new domains, or having some conflict in whois and dns records, or being driven by specific dns servers.

Re: R: URIWhois plugin

2007-09-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: How do they handle these domains in a centralized way? Do they simply relay a whois request for not-yet-seen domains? Because in this case they have to tune their whois parsers a bit: dob.sibl.support-intelligence.net, in example, reports both

Re: URIWhois-0.02

2007-09-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: the issue covered by the URIWhois plugin would be much more efficiently solved by a centralized solution, in which someone gathers registration data from registrars (maybe even not through whois, but through direct db access) and then publishes this

Re: R: R: URIWhois-0.02

2007-09-27 Thread Jeff Chan
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: I think there is a lot of people in this list who runs a small business like mine, and who may benefit from using the URIWhois plugin with no negative consequences. The others, well, they have influence and resources to spend in a centralized

RE: URIWhois-0.02

2007-09-27 Thread Jeff Chan
Quoting Bret Miller [EMAIL PROTECTED]: Perhaps rather than arguing about whether we'd all get blocked by running this, it would be more productive to lobby a registrar to provide the data in rsynch-able form to URIBL or SURBL where DNS infrastructure could be used to make the data available

Re: New domains (was: URIWhois plugin)

2007-09-27 Thread Jeff Chan
Quoting Jonas Eckerman [EMAIL PROTECTED]: (The idea below is not mine, someone else (I'm sorry, but I forgot who) wrote about it here (I think) before.) Giampaolo Tomassoni wrote: brand-new domains, Something that could work for this without the problems inherent in using whois or

Re: R: New domains (was: URIWhois plugin)

2007-09-28 Thread Jeff Chan
Quoting Kenneth Porter [EMAIL PROTECTED]: --On Thursday, September 27, 2007 7:05 PM +0200 Giampaolo Tomassoni [EMAIL PROTECTED] wrote: The only problem is that a spammer could query it days before it will bulk send, thereby impairing the effectiveness of such approach. I think we need

Re: Advice on MTA blacklist

2007-10-09 Thread Jeff Chan
Quoting John Rudd [EMAIL PROTECTED]: R.Smits wrote: Hello, Which spam blacklists do you use in your MTA config. (postfix) smptd_client_restrictions Currently we only use : reject_rbl_client list.dsbl.org We let spamassassin fight the rest of the spam. But the load of spam is

Re: Advice on MTA blacklist

2007-10-10 Thread Jeff Chan
Quoting Richard Smits [EMAIL PROTECTED]: Thanks for all the advice.. I think we will be using spamhaus. I am running a test and it blocks a lot of spam. Currently I use the sbl.spamhaus and pbl.spamhaus Is this wise, or should I also use the xbl and switch to zen.spamhaus? Please do not

RE: Advice on MTA blacklist

2007-10-10 Thread Jeff Chan
Quoting Skip [EMAIL PROTECTED]: I am not certain how anyone can claim that they have no FPs running through those services unless they have prior knowledge of every inbound email. That is impossible. My company deals with on the order of thousands of companies and multiple times that in

Re: Advice on MTA blacklist

2007-10-10 Thread Jeff Chan
Quoting R.Smits [EMAIL PROTECTED]: Jeff Chan wrote: Quoting Richard Smits [EMAIL PROTECTED]: Thanks for all the advice.. I think we will be using spamhaus. I am running a test and it blocks a lot of spam. Currently I use the sbl.spamhaus and pbl.spamhaus Is this wise, or should I

Re: Advice on MTA blacklist

2007-10-10 Thread Jeff Chan
Quoting mouss [EMAIL PROTECTED]: If they really run a normal MTA, and if that is authorized by their ISP, then they should ask to be unlisted. (They should also get a meaningful reverse DNS so that they can be identified). Otherwise, they should relay via their ISP... Indeed, one of the

Re: SpamAssassin not hitting well on obvious spam

2007-10-16 Thread Jeff Chan
Quoting Chris 'Xenon' Hanson [EMAIL PROTECTED]: [...] X-Spam-Status: Yes, hits=4.4 required=4.0 X-Spam-Level: X-Spam-Report: SA TESTS 0.1 FORGED_RCVD_HELO Received: contains a forged HELO 0.1 HTML_40_50 BODY: Message is 40% to 50% HTML 0.0 HTML_MESSAGE

Re: DNSWL question

2007-10-16 Thread Jeff Chan
Quoting Mark Wendt (Contractor) [EMAIL PROTECTED]: I've started seeing some spam come through that gets labeled with RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/;, which imparts a negative score if the relay is listed in their db. Here at the Lab, we have an email gateway at

Re: How to block the bat!

2007-10-18 Thread Jeff Chan
Quoting Matt Kettler [EMAIL PROTECTED]: cpayne wrote: Robert Braver wrote: Hello Payne, On Wednesday, October 17, 2007, 9:08:53 PM, you wrote: c I am getting a lot mail which I know is from a mail program use by c spammers, called the bat. Yea, I did a search. And found you

Re: We need help with error messages

2007-10-18 Thread Jeff Chan
Quoting Alan Morgan [EMAIL PROTECTED]: Hi, We use SPAM Assassin in Silverpop. We have been having a tough time with the messages and results after running SPAM A. Can someone help? We want a guide of definitions. The latest we got is 2.2 REMOVE_BEFORE_LINK BODY: Removal phrase

Re: Help figuring our why SA is taking like 1.5 minutes to filter...

2007-10-25 Thread Jeff Chan
Quoting Joey [EMAIL PROTECTED]: I am currently running SA 3.2.3 compiled from cpan. I have a situation where CPU is just going through the roof on just a few messages and I really can't tell what part of SA is the slow down. [...] Here is a list of files in each of my SA folders as well as

Re: Help figuring our why SA is taking like 1.5 minutes to filter...

2007-10-26 Thread Jeff Chan
Quoting Matt Kettler [EMAIL PROTECTED]: [18696] dbg: config: read file /etc/mail/spamassassin/blacklist-uri.cf [18696] dbg: config: read file /etc/mail/spamassassin/blacklist.cf Ditch blacklist and blacklist-uri. These two are well known ways to kill spamassassin on all but the absolute

Re: blacklist.cf needs to die (was Re: Help figuring our why SA is taking like 1.5 minutes to filter...)

2007-10-26 Thread Jeff Chan
Quoting Matt Kettler [EMAIL PROTECTED]: Justin Mason wrote: OK, we really need to figure out some way to kill these FAQs off. Every week, someone asks a question about why SpamAssassin is killing their server, and most of the time the answer is stop using blacklist.cf and

Re: Anyone using URIDNSBL for weeding out referrer spam ?

2007-11-22 Thread Jeff Chan
Quoting Jean-Marc Liotier [EMAIL PROTECTED]: I am looking for a way to weed out referrer spam from Apache logs and Awstats data files. I have seen some tools, but they rely on static blacklist - often very small ones, rarely maintained. It just occurs to me that this is a perfect job for

Re: Googlepages Livefilestore spams

2008-01-10 Thread Jeff Chan
Quoting Justin Mason [EMAIL PROTECTED]: Theo Van Dinter writes: On Wed, Jan 09, 2008 at 11:18:40PM +0100, Yet Another Ninja wrote: util_rb_2tld googlepages.com in local.cf will allow black.uribl.com to match the listed googlepages sites To note, what this option really does is change

Re: Googlepages Livefilestore spams

2008-01-10 Thread Jeff Chan
Quoting Yet Another Ninja [EMAIL PROTECTED]: On 1/10/2008 11:13 AM, Jeff Chan wrote: Quoting Justin Mason [EMAIL PROTECTED]: Theo Van Dinter writes: On Wed, Jan 09, 2008 at 11:18:40PM +0100, Yet Another Ninja wrote: util_rb_2tld googlepages.com in local.cf will allow black.uribl.com

Re: spamassassin eating lot of RAM

2008-01-13 Thread Jeff Chan
Quoting Jai Gupta [EMAIL PROTECTED]: My server has 8GB of ram, around 4 GB is currently used by spamassassin (too many process of /usr/bin/perl -T /usr/local/psa/admin/sbin/spammng -c -C --max-children=1 start). Is this normal? Can I somehow limit the process concurrency of spamassassin or I

Re: The googolbees are getting craftier

2008-01-18 Thread Jeff Chan
Quoting Justin Mason [EMAIL PROTECTED]: the redirect detection should have no problem finding that... And the redirected-to domain is on two SURBL blacklists, so it should be hitting. Jeff C. Loren Wilton writes: I guess btnl is no longer working. Now they are doing a redirect:

Re: whois plugin .. where to get it

2008-01-19 Thread Jeff Chan
Quoting ram [EMAIL PROTECTED]: I had read about the whois plugin into SA. But I can't seem to find it now Can someone tell me how do I install this I believe that could be a very effective idea to score on domain names who have bad registrars Every hour hundreds of domains get registered

Re: whois plugin .. where to get it

2008-01-23 Thread Jeff Chan
Quoting Matt Kettler [EMAIL PROTECTED]: The only big difference I see at face value is it uses whois instead of DNS to find the NS records.. that hardly seems efficient.. Whois is definitely the wrong protocol to use for automated testing, especially for any high volumes. It was not

Re: whois plugin .. where to get it

2008-01-25 Thread Jeff Chan
Quoting Matt Kettler [EMAIL PROTECTED]: Matt Kettler wrote: Giampaolo Tomassoni wrote: It doesn't use whois *instead of* dns. It uses both and attempts even to detect any discrepancy between their responses. Both types of queries can cause problems. How are these going to be different??

RE: whois plugin .. where to get it

2008-01-25 Thread Jeff Chan
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: From: Jeff Chan [mailto:[EMAIL PROTECTED] Yes, delegation is the other, more usual, way that the nameserver in the whois and TLD root server may differ. Some spammers do make use of a lot of delegation, more than usual and sometimes in long

RE: whois plugin .. where to get it

2008-01-25 Thread Jeff Chan
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: Please note that one generally can't issue a DNS request to a specific server from SA, since its resolver engine only uses the globally-defined DNS server(s). Thereby, in the common case I should get the NSes published by root servers, which should

RE: whois plugin .. where to get it

2008-01-26 Thread Jeff Chan
Quoting Jeff Chan [EMAIL PROTECTED]: Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: The TLD root servers delegate the control of the II level domain to the NS servers defined at registration time. That is delegation. But from there, warping the entire domain to different NSes

RE: whois plugin .. where to get it

2008-01-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: -Original Message- From: Jeff Chan [mailto:[EMAIL PROTECTED] Sent: Saturday, January 26, 2008 12:23 PM Quoting Jeff Chan [EMAIL PROTECTED]: Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: The TLD root servers delegate the control

RE: whois plugin .. where to get it

2008-01-26 Thread Jeff Chan
Quoting Jeff Chan [EMAIL PROTECTED]: DNS works by delegation from parent zones to child zones. Or more generally from one zone to another. DNS is built on delegation. Some spammers abuse delegation in unusual ways, but not all unusual delegation is abuse. Jeff C.

RE: whois plugin .. where to get it

2008-01-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: From: Jeff Chan [mailto:[EMAIL PROTECTED] There are lots of legitimate reasons to delegate zones, for example, migration to a new nameserver. I suggest you ask someone who runs major nameservers. I have. This is a temporary solution. Later you

Re:

2008-01-26 Thread Jeff Chan
Quoting Giampaolo Tomassoni [EMAIL PROTECTED]: From: Jeff Chan [mailto:[EMAIL PROTECTED] Sometimes it's temporary, sometimes it's not. Sometimes temporary solutions remain in place for many years. Then you're not obeying to the agreements with your registrar. Delegation is a primary

Re: What's with the many nnnn.com domains in this spam?

2008-01-28 Thread Jeff Chan
Quoting Justin Mason [EMAIL PROTECTED]: Per Jessen writes: Check this out http://jessen.ch/files/spam55.txt It's a typical spam-email with a single gif advertising drugs. The gif is loaded from a website which is listed by uribl.com. The emails has hrefs to the following '.com'

Re: Can anyone help me?

2008-01-30 Thread Jeff Chan
Quoting David Zinder [EMAIL PROTECTED]: I think my problem is related to surbl.org, but I can't figure out how to reach them. list.surbl.org times out, and has for several weeks. I had been using Spamassassin 3.1.5 under RHEL 3. Works great, until Jan 1, 2008. I started getting false

Re: Safe Phishing

2008-02-01 Thread Jeff Chan
Quoting mouss [EMAIL PROTECTED]: giga328 wrote: Hi Anthony, I will ask people from MailScanner also but for my email system is not possible to use MailScanner directly so I'm using spamd. My question is about lowering chances for false positives by having safe list from MailScanner. But since

Re: Safe Phishing

2008-02-02 Thread Jeff Chan
Quoting giga328 [EMAIL PROTECTED]: Thank you Jeff and Anthony. If I'm right, there is big possibility for SpamAssassin to mark as spam some email from for example doubleclick or other companies if there is personalized URL in it because it can look like spam or even like phishing. If I'm

Re: what are the criteria for being listed in sa-blacklist.current?

2008-02-14 Thread Jeff Chan
Quoting Per Jessen [EMAIL PROTECTED]: Matt Kettler wrote: For some reason one of my domains has all of a sudden been listed in the above listed db. Which is rather ironic since there are only 3 active accounts at this domain. 1 used for a couple of mailing lists, 1 - postmaster (inbound email

Re: what are the criteria for being listed in sa-blacklist.current?

2008-02-14 Thread Jeff Chan
Also, the sa-blacklist inclusion policy is at: http://www.stearns.org/sa-blacklist/README.policy Jeff C.

Re: v3.2.4 scan times slow

2008-02-15 Thread Jeff Chan
Quoting Sean Kennedy [EMAIL PROTECTED]: Sorry for replying to my own topic, but I've figured out what's causing it to go so slow. It's the rules in sa-blacklist.current.uri.cf from http://www.sa-blacklist.stearns.org/sa-blacklist/sa-blacklist.current.uri.cf. This ruleset works fine in 3.1,

Re: Time to make multi.uribl.org optional rather than default?

2008-02-20 Thread Jeff Chan
If you think blacklists should be free, then you should set up your own, spend thousands of hours per year on it, undergo constant threats of DDOs or worse, and listen to complaints if you dare to consider being partially paid for your work. Jeff C.

Re: mails not being received

2008-02-21 Thread Jeff Chan
Quoting ploppy [EMAIL PROTECTED]: i enabled SA on one of my accounts and since disabling, no mails for that account are being received. i did tail -f /var/log/exim_mainlog and they are showing as completed, but they are not being delivered. they are not even in the mail queue. i am using exim

RE: URIBL

2008-02-21 Thread Jeff Chan
Quoting Rocco Scappatura [EMAIL PROTECTED]: I have looked at the SURBL site. If I have well understood I have to enable only the plugin with loadPlugin. Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: urirhssub URIBL_JP_SURBL

Re: mails not being received

2008-02-22 Thread Jeff Chan
Quoting Jeff Chan [EMAIL PROTECTED]: SpamAssassin and Exim cannot work together without some other program coordinating them. You're probably going to need to find out what that program is in order to solve things. Any FAQs about SpamAssassin itself may address the coordinating program

Re: mails not being received

2008-02-22 Thread Jeff Chan
the coordinating program, but only peripherally. SpamAssassin only scores the messages. It doesn't deliver them and it doesn't control how they're delivered based on that score. Jeff C. Jeff Chan wrote: Quoting ploppy [EMAIL PROTECTED]: i enabled SA on one of my accounts and since

RE: URIBL

2008-02-25 Thread Jeff Chan
Quoting Rocco Scappatura [EMAIL PROTECTED]: I have to enable only the plugin with loadPlugin. ... and it's enabled by default, so you should be all set. :) Then I have to use the command 'urirhssub' of the plugin URIDNSBL to specify that I want to use SURBLs: ... the rules exist by

RE: URIBL

2008-02-26 Thread Jeff Chan
Quoting Rocco Scappatura [EMAIL PROTECTED]: Maybe, now is the case to set up a copy of zone locally on my server.. I ve about 1300K messages rejected per day!! Yes, you should not query 1.3 million messages per day on the public nameservers. That would be considered abusive. Jeff C.

Re: List of Banks often spoofed in Phishing scams

2008-06-04 Thread Jeff Chan
by Checkfree. customercenter.com appears to be owned by domainers/squatters. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Undeliverable mails

2008-06-04 Thread Jeff Chan
”, or as a side-effect attempts to evade over-simplistic sender address verification as seen in spam, viruses, and so on. [...] It helped us. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: EMERGENCY RULE: porntube redirect

2008-06-19 Thread Jeff Chan
scoreGMD_R_DOT_HTML 3.5 Note: making it an uri rule doesn't hit them all. enjoy It and video.exe are Storm. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: EuroPharmacie

2008-06-20 Thread Jeff Chan
Use SURBLs. Enable network tests: http://www.surbl.org/faq.html#nettest jp.surbl.org blacklisted that domain at 14:33 CEST Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: How to make an exception to URIBL_SBL

2008-07-09 Thread Jeff Chan
of the nameservers of web sites in the message body against the Spamhaus SBL list. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Best use of caching DNS servers

2006-06-07 Thread Jeff Chan
. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: [SPAM-TAG] Why is this not seen as spam?

2006-06-08 Thread Jeff Chan
to track down. This one is not an open gate issue, but is still driving me nuts... If your sendmail is recent (past few years) it won't be open relay by default. If it's not current, upgrade. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Low scoring since 3.1.1 upgrade

2006-06-12 Thread Jeff Chan
Try using the SARE stocks rule: http://www.rulesemporium.com/rules.htm#stocks Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: For those who are considering a Barracuda Network Device server

2006-06-12 Thread Jeff Chan
but I am willing to put $100 and say SA/SARE does better. Doesn't Barracuda use SpamAssassin in their boxes? If so it's not too surprising that it wouldn't perform much differently from SpamAssassin :-) Barracuda may not use SARE, so SARE may indeed be better. Jeff C. -- Jeff Chan mailto

Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam domains]

2006-06-22 Thread Jeff Chan
exists. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam domains]

2006-06-23 Thread Jeff Chan
On Thursday, June 22, 2006, 3:21:36 PM, Ken A wrote: Jeff Chan wrote: On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote: Rick Wesson over at Alice's Registry has a dnsrbl listing recently registered domains (see below). I thought this might be of interest to SA users. Anyone used

Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam domains]

2006-06-23 Thread Jeff Chan
grabbed a bunch of domains several years old that recently expired. There was a burst of them today. Probably even saying that we noticed that helps the spammers. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam domains]

2006-06-23 Thread Jeff Chan
. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: [dns-operations] negative caching of throwaway spam domains

2006-06-23 Thread Jeff Chan
On Friday, June 23, 2006, 5:31:04 AM, Michael Monnerie wrote: On Freitag, 23. Juni 2006 14:10 Jeff Chan wrote:   http://www.bobparsons.com/DomainKiting.html Very interesting page, I wasn't aware of Domain Kiting yet. A check for new domains would be good implemented in the MTA directly, so

Re: [dns-operations] negative caching of throwaway spam domains

2006-06-23 Thread Jeff Chan
On Friday, June 23, 2006, 6:36:38 AM, Michael Monnerie wrote: On Freitag, 23. Juni 2006 14:49 Jeff Chan wrote: 4. A DNSBL is a reasonably good technology for distributing these data. Yes, some DNSBL. It should be one that contains newly registered domains, within the 5 day test period

Re: [dns-operations] negative caching of throwaway spam domains

2006-06-24 Thread Jeff Chan
with a permanent error. (If the whois source is not trustworthy it's also blocked with a permanent error.) Michael gives some good possibilities and a discussion of the difference with greylisting. Note that whois can't really be done on an automated, high-frequency basis. Jeff C. -- Jeff Chan

Re: decrease DNSBL timepout

2006-07-04 Thread Jeff Chan
On Tuesday, July 4, 2006, 5:01:21 AM, Pezhman Lali wrote: Hi else SURBL, neither of other DNSBL, not answer me, 1-why? 2- how can I decrease these 12 sec? best Pezhman Is there a recent version of Net::DNS installed on your system? Jeff C. -- Jeff Chan mailto:[EMAIL

Re: decrease DNSBL timepout

2006-07-05 Thread Jeff Chan
On Tuesday, July 4, 2006, 7:52:39 AM, Jeff Chan wrote: On Tuesday, July 4, 2006, 5:01:21 AM, Pezhman Lali wrote: Hi else SURBL, neither of other DNSBL, not answer me, 1-why? 2- how can I decrease these 12 sec? best Pezhman Is there a recent version of Net::DNS installed

Re: Google ad services redirector abuse

2006-07-24 Thread Jeff Chan
, but for SURBLs, IPs are expected to be dotted quads only. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Which Net::DNS version for Fedora Core 4?

2006-07-27 Thread Jeff Chan
If not, what versions should be used? Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Which Net::DNS version for Fedora Core 4?

2006-07-27 Thread Jeff Chan
of glibc. Daryl, Can you determine if 3.0.6 is safe to use with Net::DNS 0.49? Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: list of two level TLDs in SA

2006-07-31 Thread Jeff Chan
to anyone reading this: please don't grab our list more often than say once a month since it only rarely updates. (Some suboptimal coder grabbed it once *per URI* or *per message* until we straightened him out.) Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: URIBL and SURBL no lnger hitting

2006-08-08 Thread Jeff Chan
queries. Please open a bugzilla about it: http://issues.apache.org/SpamAssassin/ Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Am I wasting my time with SpamCop?

2006-08-08 Thread Jeff Chan
On Saturday, August 5, 2006, 12:46:20 PM, Benny Pedersen wrote: spamcop.com is the windows client for spamcop.net ? No, IIRC it's something totally different that's squatting a similar domain name, probably on purpose. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Am I wasting my time with SpamCop?

2006-08-08 Thread Jeff Chan
result in some more spam due to that effect. There is also a mole option you can set in SpamCop that does not report, just blacklists. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Am I wasting my time with SpamCop?

2006-08-08 Thread Jeff Chan
take every single spamcop report (or other email abuse report) seriously and investigate all of them. Same here. We take all abuse reports seriously and investigate them, including SpamCop reports. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: URIBL and SURBL no lnger hitting

2006-08-08 Thread Jeff Chan
On Tuesday, August 8, 2006, 7:53:45 AM, Rick Macdougall wrote: Jeff Chan wrote: On Monday, August 7, 2006, 1:56:41 PM, DAve DAve wrote: In frustration I edited /etc/resolv.conf and removed 127.0.0.1, URI lookups are completing and MailScanner is blasting through the queues on both machines

Multiple image spams: best practices?

2006-08-08 Thread Jeff Chan
Aside from the experimental OCR some folks are trying, what SA techniques are folks having good luck with for stopping those stock spams that are multiple, vertical images? Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: URIBL and SURBL no lnger hitting

2006-08-08 Thread Jeff Chan
if it's a specific SA interaction. But it would still be nice to know what's causing it, even if it's not SA or an interaction with it. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Multiple image spams: best practices?

2006-08-08 Thread Jeff Chan
On Tuesday, August 8, 2006, 8:08:04 AM, Jeff Chan wrote: Aside from the experimental OCR some folks are trying, what SA techniques are folks having good luck with for stopping those stock spams that are multiple, vertical images? Any technique for single image stock spams would be welcomed too

Re: Multiple image spams: best practices?

2006-08-08 Thread Jeff Chan
On Tuesday, August 8, 2006, 8:26:18 AM, decoder decoder wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jeff Chan wrote: On Tuesday, August 8, 2006, 8:08:04 AM, Jeff Chan wrote: Aside from the experimental OCR some folks are trying, what SA techniques are folks having good luck

Re: uridnsbl error, info what?

2006-09-02 Thread Jeff Chan
. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: uridnsbl error, info what?

2006-09-29 Thread Jeff Chan
it to our FAQ, given that others may be having similar issues. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Non-blocklisted embedded URLs are getting hits on URIBL_AB_SURBL and URIBL_PH_SURBL in SpamAssassin 3.1.5

2006-09-29 Thread Jeff Chan
patterns happen to be in the modified response. SURBLs will work with OpenDNS if their typo correction feature is disabled on servers or clients doing SURBL queries. __ Does that look about right? Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Ammount of the RAM used by spamd childs

2006-09-29 Thread Jeff Chan
are enabled and Net::DNS is current on the system, and SURBLs will be used since they're already in the default configurations. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Problem with URIBL rules : false positive and not listed while mannually checking

2006-10-03 Thread Jeff Chan
like OpenDNS changing the DNS results in a way that's not compatible with SURBL applications: http://www.surbl.org/faq.html#opendns In any case, none of the domains mentioned are blacklisted, so there is a problem with your SpamAssassin or DNS. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED

Re: Non-blocklisted embedded URLs are getting hits on URIBL_AB_SURBL and URIBL_PH_SURBL in SpamAssassin 3.1.5

2006-10-03 Thread Jeff Chan
modification or proxy services that change the DNS query results of non-matches (NXDOMAIN results). Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Spamassassin Rules

2006-10-04 Thread Jeff Chan
/ Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Problem with URIBL rules : false positive and not listed while mannually checking

2006-10-04 Thread Jeff Chan
will: spamassassin -D some_message_in_a_file Cheers, Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Low accuracy ?

2006-10-11 Thread Jeff Chan
://wiki.apache.org/spamassassin/TrustedRelays If the trust path is wrong, then all of your incoming messages can be mishandled, as if they are coming from your own internal network. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Setup local rbl for my server

2006-10-11 Thread Jeff Chan
, howtos, faqs, etc., at: http://www.surbl.org/links.html Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Installing URIDNSBL

2006-10-21 Thread Jeff Chan
://www.surbl.org/faq.html#nettest Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/

Re: Spamhaus DBL

2010-03-02 Thread Jeff Chan
goes into further detail on this new list. Please also see this bugzilla: https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6335 Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Adding custom surbl servers to local.cf

2010-09-02 Thread Jeff Chan
rbldnsd and BIND configs for the zone and spamassassin rule, and we will check them. Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Spam bot Spam seems to be decreasing

2011-01-10 Thread Jeff Chan
://cbl.abuseat.org/totalflow.html Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Need Volunteers for Ham Trap

2011-01-18 Thread Jeff Chan
that struggle with these issues every day. Maintaining accurate ham and spam corpora and making policies for what belongs in which category is trivial in some easy cases like bot pill spam, but non-trivial in other cases. Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: Need Volunteers for Ham Trap

2011-01-19 Thread Jeff Chan
approaches. Those degenerate cases of both are indeed interesting. Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org http://www.surbl.org/

Re: What is Ham? (was Re: Need Volunteers for Ham Trap)

2011-01-20 Thread Jeff Chan
there is a responsible party to hopefully act on unsubscriptions, fire the spammy marketer, etc. It's sort of a degenerate case of the degenerate case of email addresses going to a third party, except it's the same party. Spam is easy. Ham is hard. Cheers, Jeff C. -- Jeff Chan mailto:je...@surbl.org
