On Tue, 03 Aug 2004 08:47:57 -0400, Albert Whale <[EMAIL PROTECTED]> wrote:
> Moving to the Users List.
>
> >>I guess the issue here Jeff, is that there are a few million injections
> >>of the message before it makes it into the Database. I want to detect
> >>it as soon as it occurs (and not require that it be relying on any other
> >>device externally for the detection).
> >>
> >>
> >>How does the IP Address make it into the SURBL List?

Hi Albert,

Well, if you're talking Phishing Data I would be the person to talk to. Data is collected from a reasonable set of information streams including customer message intercepts, end user reported messages, spamtraps and a couple of somewhat abstract, however effective, methods.

If you've got something to report please shoot it to postmaster at corp.mailsecurity.net.au

> >Well first, SURBLs don't have many IP addresses. Most entries
> >in the lists are domain names.
> >
> >
> Most Phishers are based on IP Addresses. Is the SURBL a Good Match, or
> am I attempting to develop a New Detection Tool?

The Phishing list is mainly IPs; we will list whatever the malicious URL is, domain based or otherwise.

> >Second it doesn't take "a few million" messages for an entry
> >to get onto a SURBL list. For some of the lists it requires
> >only one to be detected. Please see the Lists document on
> >our site for more information:
> >
> Well, I say a Few million get out of the Phishers, before someone
> reports it.

You'd be incredibly surprised how fast some are caught. We're still working on a 100% reliable 98% automated solution but until then the updates are still made as submissions arrive.

> I want to detect it, and stop it before needing to rely on
> a first responder acting on behalf of someone else. I guess I am
> looking for this new Detection tool to be the First Responder.

I'm interested - can you outline what you're planning?

> This certainly is NOT going to replace the lists in the SURBL, but it
> may also permit that this detection could 'feed' data into the SURBL.

Again, tell me more :)

> Back to a previous point. Since most Phishers are using IP Addresses in
> the Web Link, is there an existing test for this, or do I need to
> develop it?

Reversed octet IP addresses can be fed into SURBLs; we use them all day every day.

--
Regards,
David Hooton
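
The reversed-octet lookup mentioned in the reply above, as an added example that is not part of the original message or of SURBL's own code: it pulls IP-literal hosts out of the URLs in a message body and builds the DNS name a client would query. The zone `multi.surbl.org`, the function names and the sample body are assumptions made for the illustration; no DNS query is sent.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: the message names no zone; pass the zone of the list you query.
DEFAULT_ZONE = "multi.surbl.org"

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample body (documentation addresses, not real phishing data).
SAMPLE_BODY = """Dear customer, please verify your account:
http://www.bank.example@192.0.2.45/login.html
Mirror: http://198.51.100.7:8080/secure/ Help: http://www.bank.example/help
"""


def ip_host(url):
    """Return the dotted-quad IPv4 host of url, or None if the host is a name."""
    try:
        # .hostname drops userinfo ("www.bank.example@") and the port.
        host = urlsplit(url).hostname
        return ipaddress.IPv4Address(host) if host else None
    except ValueError:  # not a dotted quad, or an unparsable URL
        return None


def reversed_octet_name(ip, zone=DEFAULT_ZONE):
    """192.0.2.45 -> 45.2.0.192.<zone>, the form used for IP entries."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone


def ip_url_queries(body, zone=DEFAULT_ZONE):
    """Map each distinct IP-literal URL host in body to its lookup name."""
    queries = {}
    for url in URL_RE.findall(body):
        ip = ip_host(url)
        if ip is not None:
            queries[str(ip)] = reversed_octet_name(ip, zone)
    return queries


if __name__ == "__main__":
    for ip, name in ip_url_queries(SAMPLE_BODY).items():
        print(ip, "->", name)
```

Hosts written as a single decimal or hex number are not dotted quads and are skipped by this sketch; a production check would normalise those first.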