>-----Original Message----- >From: Loren Wilton [mailto:[EMAIL PROTECTED] >Sent: Friday, June 03, 2005 6:47 AM >To: Duncan Hill; users@spamassassin.apache.org >Subject: Re: Is Bayes Really Necessary? > > >>> If that statement is true, perhaps the surbl lists could >automatically >>> include the dotquads for hosts ****that are known to be >pure spam sources**** and >>> not mixed systems. Then the client could get the ip for a >suspect hostname >>> and see if it matched a known spam dotquad. > >> I'd swear this came up before. The one (slight?) problem >with this tactic is >> that you can have too many FPs if a spammer targets a legit hosting >> operation. > >I think there was a failure to read all the words in my >original post. > >I quite specifically suggested that listing ips should be >limited to hosts ****that are known to be pure spam >sources****. If the host is ****KNOWN**** to be purely spam >(ie: it is owned and run by the spammer), I fail completely to >see how matching on the known IP for that host can either >target or hit innocent bystanders; or indeed bystanders of any sort. > >It might be argued that making the determination that a host >is a pure spam host could be hard. This may well be true. >But despite that, I'd bet that Jeff or Chris could probably >list off a dozen or hundred or so hosts that they know quite >well serve nothing except spammer domains. I fail completely >to see how matching on the ip for these known hosts can do >anything but good, assuming the ip lookup is limited to the >resolved ips of urls found in the spam. > > Loren
Loren is correct. And Jeff and I have had this conversation many times. Jeff would rather not risk the FPs by doing it. I can see his point. But I agree with Loren that we have IPs that are pure spam. But we watch those on the backend like Loren said. Getting more automated as well. So rather then do the extra processing up front, our research just pays more attention to those 'pure evil' hosts. Which is one of the reasons the domains fall into balck.uribl.com so fast. I won't release the list of IPs I have now. Not yet anyway. Don't want them to move :) Chris Santerre System Admin and SARE/URIBL Ninja http://www.rulesemporium.com http://www.uribl.com
