Hi,
Using quaraintained spam and FN's I found out that the various SURBL lists lag behind the spammers. I consider it "normal" but also like to improve it.
I only receive 20-50 spams per day and did an analysis and found out that the URLs of the spam messages are about domains using the same IP address.
I found for example: 211.158.6.88 2giKe4V5C.simptompsakiana.org 211.158.6.88 5tYTNHYH.polishesofikals.org 211.158.6.88 7Z05PeUBKz.9H8UozoNv.pazdanimphos.org 211.158.6.88 9L88lRG.poisesneynano.org 211.158.6.88 9XA.1eX.fraklesneynano.org 211.158.6.88 BL4CLL.fraklesneynano.org 211.158.6.88 BlnXPOc7d.LURaH.bortsimisbortsimis.org 211.158.6.88 Cdj.2NJq2BanB.bortsimisbortsimis.org 211.158.6.88 DC.pikasxesros.org (and lots more)
So I wonder if we could extend the SURBL module in SA to also verify the IP address of the URI in a (new?) surbl list.
Marc
