OK I'm going to respond to several ideas in this thread in a
single reply.  It may help to go back and review some of the
thread messages.

1.  Regarding adding resolved IP addresses to SURBLs: Not gonna
happen.  FP potential is way too high.  A single (false) entry
resolving to a legitimate large shared web hosting server could
block hundreds or more legitimate sites.

2.  However the next version of sc.surbl.org data engine
will be a hybrid name/number system where:

  A.  the domains will get resolved internally,
  B.  the resulting IPs will get sorted into (CIDR) bins,
  C.  any fresh domain report that happens to resolve into one of
those bins will inherit the count of hits in the bins (perhaps
modulo some function), and most likely any fresh spam domains
resolving into a well-populated bin will get listed on the first
report instead of the tenth as sc does now.  We could even raise
the threshold to decrease FPs or change to a "top 500" or "top
1000" list.

So that should short circuit most of the lag in detection for
domains resolving to persistent spammer IPs for the sc data.

The resulting lists will still be mostly domains.  We probably
won't let the internal IPs out, at least not in the existing
SURBLs.  Perhaps we could turn them into a separate list which
could be scored lower.  But our focus will remain on domains
because they are highly specific and don't require the time-
consuming step of name resolution.  (Name resolution is no
problem on a small box, but on big mail systems it can make
content checking impractical.  Resolved IPs also have some
of the potential problems already mentioned, most importantly
FPs.)

3.  The outblaze data already has a "recentness of domain
registration factor" of 90 days.  It also includes extensive
spam traps.  The combination appears to catch many spammer
URI domains pretty quickly and with a low FP rate.  So it
already somewhat incorporates John Hardin's idea of catching
recently registered domains, with the added factor that they
actually got caught spamming.  Outblaze's traps apparently
are pretty well engineered, given the relatively low FP rate.

BTW, there's a longer discussion of this question in the FAQ:

  http://www.surbl.org/faq.html#numbered

"Are there plans to offer an RBL list with the domain names
resolved into IP addresses?"

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
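
The hybrid scheme from point 2 (steps A to C), sketched as an added example; it is not part of the original message and is not SURBL's code. The /24 bin width, the plain-sum inheritance function, the class and function names, and the sample domains and addresses are assumptions; the threshold of 10 follows the "tenth" report mentioned in the message.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample data standing in for the internal resolution step (A).
SAMPLE_DNS = {
    "spam1.example": ["192.0.2.10"],
    "fresh.example": ["192.0.2.200"],    # same /24 as spam1.example
    "lonely.example": ["198.51.100.5"],  # a bin with no prior reports
}

class HybridEngine:  # hypothetical name, for illustration only
    def __init__(self, resolve, threshold=10, prefix=24):
        self.resolve = resolve        # callable: domain -> list of IP strings
        self.threshold = threshold    # 10 mirrors listing on the tenth report
        self.prefix = prefix          # assumed bin width (/24)
        self.domain_hits = Counter()
        self.bin_hits = defaultdict(Counter)  # bin -> per-domain report counts
        self.listed = set()           # published output: domain names only

    def _bins(self, domain):
        # Step B: sort each resolved IP into its CIDR bin.
        return {ipaddress.ip_network(f"{ip}/{self.prefix}", strict=False)
                for ip in self.resolve(domain)}

    def report(self, domain):
        domain = domain.lower().rstrip(".")
        bins = self._bins(domain)
        # Step C: inherit hits that *other* domains put into the same bin,
        # so a domain's own reports are not counted twice.
        inherited = max((sum(n for d, n in self.bin_hits[b].items() if d != domain)
                         for b in bins), default=0)
        self.domain_hits[domain] += 1
        for b in bins:
            self.bin_hits[b][domain] += 1
        score = self.domain_hits[domain] + inherited
        if score >= self.threshold:
            self.listed.add(domain)   # the IPs and bins stay internal
        return score

def demo():
    engine = HybridEngine(lambda d: SAMPLE_DNS.get(d, []))
    for _ in range(9):
        engine.report("spam1.example")
    scores = {"spam1_tenth": engine.report("spam1.example"),
              "fresh_first": engine.report("fresh.example"),
              "lonely_first": engine.report("lonely.example")}
    return scores, engine.listed

if __name__ == "__main__":
    print(demo())
```

Raising `threshold`, or damping `inherited` with some function, trades detection lag against the FP risk of a bin that covers shared hosting.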
