At 10:49 -0400 13-05-2004, Matt Kettler wrote:
>At 03:47 PM 5/13/04 +0200, Jona Tallieu wrote:
>>Hi All,
>>
>>Is there a way to use the SURBL-way of BL checking with
>>other lists like the Spamhaus lists, so that all the URLs
>>mentioned in the body of the mail are also checked
>>by the SBL-XBL lists of Spamhaus?
>>
>>Or maybe a new SURBL list can act as a copy of SBL-XBL?
>
>I don't quite understand...
>
>SURBL checks URLs, based on their textual domain name. It uses the spamcop
>reporting system to collect URLs to list, but doesn't check the spamcop 
>blacklist.
>
>SBL, and most other blacklists, check IP addresses. Also, since these lists
>are focused on mailservers and exploited boxes used in spamming, they 
>generally won't have the IPs of the web-host in them anyway.
>
>You'd be doing several extra DNS queries (resolve www.mypills.com to an IP, 
>then resolve that IP against SBL), and it's not clear you'd have a decent 
>hit rate, since SBL/XBL isn't intended to list the targets of your query.

I got this idea from Steve Linford over on the CommuniGatePro list:

I quote:


"For over a year some of the large spam filtering companies have used 
a trick which catches the vast majority of spam, with 0 false 
positives, using just SBL (and now SBL-XBL).

If you take 10 spams you get today which get past your DNSBL checks, 
and you lookup the IP of the spammer's web site(s) advertised in the 
spam, in probably 7 out of 10 cases you'll find the IP is already 
listed on the SBL. If it's not, the chances are that the web site's 
NS server's IP is on the SBL.

For MTAs there is code available to do this DNSBL check against:

1)  the connecting IP
2)  the NS records for the envelope from mail domain
3)  the MX records for the envelope from mail domain
4)  the A records for all URLs and host names mentioned in the body
5)  the NS records for all the domains in 4 above

Unfortunately it's only currently available for Sendmail as a milter from:
<http://www.five-ten-sg.com/dnsbl.html>

I'd like to see if someone is able to make this work with CGP, or 
suggest a way this could be done with some plugin to CGP... any ideas?"

End quote.

Just wanted to check if something like this could be done in SA,
so we could use this on CommuniGatePro...


J.
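
Item 4 of the quoted list (the A records of hosts in body URLs, checked against an IP-based DNSBL), as an added example that is not part of the original message or of any milter or SpamAssassin code. The zone `dnsbl.example`, the host names and the resolver table are constructed so the example runs offline; the reversed-octet query name and the 127.0.0.x "listed" answer follow the usual DNSBL convention.

```python
import ipaddress
import re
import socket

HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def body_hosts(body):
    """Return the distinct host names found in http(s) URLs in a message body."""
    seen = []
    for host in HOST_RE.findall(body):
        host = host.lower().rstrip(".")
        if host and host not in seen:
            seen.append(host)
    return seen

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolve(name):
    """Return the A records for name, or [] when it does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_body(body, zone, resolve=system_resolve):
    """Map each URL host to the list of its IPs that the DNSBL zone lists."""
    hits = {}
    for host in body_hosts(body):
        listed = []
        for ip in resolve(host):
            # A listed address answers the DNSBL query with a 127.0.0.x record.
            answers = resolve(dnsbl_name(ip, zone))
            if any(a.startswith("127.") for a in answers):
                listed.append(ip)
        if listed:
            hits[host] = listed
    return hits

# Constructed sample data: a fake resolver table (assumption, not real DNS).
SAMPLE_DNS = {
    "www.mypills.example": ["192.0.2.10"],
    "10.2.0.192.dnsbl.example": ["127.0.0.2"],
    "clean.example": ["198.51.100.7"],
}
SAMPLE_BODY = "Buy at http://www.mypills.example/order or see https://clean.example/"

if __name__ == "__main__":
    print(check_body(SAMPLE_BODY, "dnsbl.example", lambda n: SAMPLE_DNS.get(n, [])))
```

Each URL host costs one A lookup plus one DNSBL lookup per returned address, which is the extra query load raised earlier in the thread.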
