On Monday, January 10, 2005, 8:50:37 PM, Andrew wrote: CA> Thanks, Pete.
CA> I was thinking that Sniffer's l33t ninja skillz would be well-used for CA> searching a large corpus of URIs, particularly the current bout of CA> spammers you and I mentioned before Xmas (the ones that are specifying CA> the domain name, not a URL, and which Sniffer is catching because of the CA> consistent instructions, regardless of the dynamically changing domain CA> names), as a URI filter might miss them because of obfuscation, or might CA> miss the real payload. Sniffer would catch these URIs, because it only CA> cares about tokenized text, not whether that text was detected in a URL. CA> There would still be a place for both SURBL lookups and Sniffer in that CA> scenario, because they are refreshed on different schedules and have CA> independent spamtraps feeding them. CA> I wasn't thinking about Sniffer incorporating a real-time lookup; I CA> agree with your direction for the product. For the reason you cited, CA> I'll go a little further and say that Sniffer would have to really break CA> out in a new direction to be worth implementing a real-time lookup of CA> some sort. I agree. Thanks for clarifying. The only real-time stuff we have planned is proactive -- where trusted peers and our control nodes will share some real time data eventually. With regard to incorporating SURBL in SNF... I wonder about that for a lot of reasons. With a sufficient hardware it would be possible to fold in SURBL and a number of other services (SBL for example) - though the rulebase would be quite large I'm sure, and I think I would prefer to have those rulebases separate. Perhaps there's a future solution in that statement -- perhaps someday other public BL systems might be automatically incorporated in to SNF readable distributions -- though with the exception of URI based systems I think DNS distribution mechanisms are probably the best choice. I'll have to keep thinking about this. Thanks! _M This E-Mail came from the Message Sniffer mailing list. For information and (un)subscription instructions go to http://www.sortmonster.com/MessageSniffer/Help/Help.html
