>-----Original Message----- >From: Jeff Chan [mailto:[EMAIL PROTECTED] >Sent: Thursday, September 09, 2004 5:26 PM >To: Chris Santerre >Cc: SURBL Discussion list (E-mail); Spamassassin-Talk (E-mail) >Subject: Re: Start an IP list to block? > > >On Thursday, September 9, 2004, 1:56:33 PM, Chris Santerre wrote: >> OK, this isn't the first time we've had this discussion, but >Raymond and I >> felt this should be made public again. He ran thru some >tests of 1500+ >> domains and found the following data. Looks like they maybe send from >> zombies, and never their hosts. IPs are similar across the board. > >> So is there a way to use the IP info in a good way? Could SA >or SURBL do a >> quick ping of the URL and match against a URL? This would >allow us to simply >> list 1 IP instead of all these domains. > >> (I'm well aware of virtual hosts! So only the filthiest of >spammers would be >> put on this IP list. Then their IP better boot them or >anyone hosted on that >> box would feel the rath of SURBL.) > >Yes, we've already discussed reasons why we're using only the >data actually found in spam URIs. The potential for collateral >damage in looking at resolved IPs is too high. > >It would be very easy for a large hosting provider to have 1 >bad guy sharing a web server with 100 or 1000 non-spammers. >Given that we can't see those other 100 or 1000, it would be >very easy for us to add that 1 IP address and block the >other 100 or 1000 *without even knowing it*. > >It is a question about the limits of knowledge. In our >universe we can't see the potential collateral damage from >listing a shared host, so we should not do it. From our >point of view it's not knowable. Sure the hosting company >knows whether that's the case, but we can't. > >I'd encourage people with questions like this to read up or >take some classes on epistemology or the theory of knowledge. >Or just contemplate the possibilities harder... ;-)
LOL, I love our conversations ;) Well when I said filthy, I meant down right Christina Aguleira raunchy spammers! The drippiest of rotten stinking spammers. Basically those hosted by spam friendly hosts. This is a step I was sure you would not want to do, but I can think of a ton on the SPAM-L list who would jump at the chance. Makes ISPs become more responsible. However this is just theory discussion anyway...or is it :p --Chris
