Jeff Chan <[EMAIL PROTECTED]> writes:

> FWIW Here's an du -sk directory size summary of the reports
> SURBL grabbed from SpamCop Spamvertised sites over the past
> 4 days or so, stored by TLD or first octet of a numeric URI:
>
> KBytes TLD or first octet of numeric address

It might be interesting to do checks on /24 networks since spammers
will often get a whole block of addresses and divvy up their current
domains amongst them.

If it's possible and not too much work for you, it might be worth
trying a bunch of different approaches on different temporary
subdomains and then we can compare each against our corpora.

 - longer timeout vs. shorter timeout
 - lower threshold vs. higher threshold
 - gathering /24 networks for numeric addresses (combined with an A
   lookup of non-numeric addresses on your end).

Daniel

-- 
Daniel Quinlan                     anti-spam (SpamAssassin), Linux,
http://www.pathname.com/~quinlan/    and open source consulting
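
A rough sketch of the /24 grouping idea for numeric addresses, in Python. The function names and the sample addresses (taken from the reserved documentation ranges) are made up for illustration and are not part of SURBL or SpamAssassin. The A lookup for non-numeric hosts is left out; it would feed resolved addresses into the same counter.

```python
import ipaddress
from collections import Counter


def slash24(address):
    """Return the /24 network that contains a dotted-quad IPv4 address."""
    # strict=False lets us pass a host address and have the host bits masked off.
    return ipaddress.ip_network(f"{address}/24", strict=False)


def count_by_slash24(addresses):
    """Count how many reported addresses fall in each /24 network."""
    counts = Counter()
    for addr in addresses:
        counts[str(slash24(addr))] += 1
    return counts


# Hypothetical sample input: numeric hosts pulled from reported URIs.
sample = ["192.0.2.10", "192.0.2.77", "198.51.100.5"]

for network, hits in count_by_slash24(sample).most_common():
    print(network, hits)
```

Networks with many hits would be the candidates to list, subject to whatever threshold is being tried.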
