At 2:15 PM -0500 11/16/06, Charles Mangin imposed structure on a
stream of electrons, yielding:
i understand several of the RBLs maintain their own spamtraps to
update their lists with newly exploited or zombied IPs. these
addresses are kept secret for obvious reasons.
what i wonder, though, is there an RBL out there somewhere that i
can submit or redirect my spamtrap addresses to, that would then add
the IPs i'm getting messages from?
None worth using. SpamCop does some work with third-party traps, but
I don't believe that they take small-scale feeds.
There's a difference between being certain that a particular piece of
mail from a particular IP address is not legitimate and knowing that
a significant fraction of everyone's mail from that IP address is
spam. The canonical example is a legitimate mailing list system,
which might hit a trap address with a subscription confirmation
message. There's always a chance of accidental mail to *any* address,
and I don't think anyone should be using a DNSBL for listing
addresses subject to accident, since you can get identical coverage
by just accepting no mail.
it seems that a lot of my spam lately has been pump-and-dump
messages generated from some botnet or other, and i get the messages
before the RBLs spamtraps do, or before any of the 5 RBLs i
subscribe to update with those IPs.
If you're using the SBL-XBL list at Spamhaus you might find better
results from cbl.abuseat.org and the SBL as distinct lists. The CBL
is the most useful source data for the Spamhaus XBL, and has a slight
lead time.
The SpamCop list (see www.spamcop.net) is the quickest on the
trigger, but it has risks that a lot of people cannot tolerate, like
a habit of listing IP's used by major ISP's for outbound mail. The
cost of fast listing is that a list has to be automated, and
SpamCop's automation makes no exceptions for spam sources that also
send a lot of valid mail.
what i guess i'm looking for is a place that says "send us your
spam, we'll make sure nobody else gets it." i've looked around and
haven't found such an RBL, but i wonder if the folks on this list
have heard of one.
SpamCop has that effect, but I can't recommend it.
More careful and useful approaches for collaborative spam filtering
include Vipul's Razor (http://razor.sourceforge.net/) and DCC
(http://www.rhyolite.com/anti-spam/dcc/) but whether you find either
useful may depend on whether you're using SIMS or whether you're just
left here by inertia...
--
Bill Cole
[EMAIL PROTECTED]
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[email protected]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
