On Sunday, March 13, 2005, 5:12:30 AM, Jeff Chan wrote:
> On Friday, March 11, 2005, 11:27:52 PM, Jeff Chan wrote:
>> Does anyone have or know about a list of spam-advertised URIs
>> where the spam they appeared in was sent through open relays,
>> zombies, open proxies, etc.?  In other words, does anyone know
>> of a list of spamvertised web sites or their domains that's
>> been cross referenced to exploited hosts?

>> We could use that information as a valuable tool for getting
>> more records into SURBLs.

> One fairly easy way for anyone running a large SpamAssassin
> installation to help us get this data would be to simply grep
> for "XBL" and "SURBL" rules hitting the same message and report
> out the URI domains from those messages.

> Perhaps some kind person could write a reporting function in
> SpamAssassin for this?

Hmm, perhaps if we could extract *all* URI domains from messages
sent through XBLed senders then prioritize those say by frequency
of appearance, we could create a new SURBL list of spamvertised
domains sent through exploited hosts.  That would pretty directly
address the use of zombies, etc. and put a penalty on using them
to advertise sites through them.  Even with volume weighting, such
a list of sites could be attacked by a major joe job unless we took
additional countermeasures, but does anyone else think this might
be a useful type of data source for SURBLs?

Jeff C.
--
"If it appears in hams, then don't list it."
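
The report proposed in the message above, sketched as an added example (not code from the original post or from SpamAssassin): it takes messages already scored by SpamAssassin, keeps those whose `X-Spam-Status` tests include an XBL rule, counts each URI domain once per message, and drops any domain also seen in ham. Assumptions: single-part text bodies, a two-label domain heuristic instead of a public-suffix list, and constructed sample messages.

```python
import re
from collections import Counter
from email import message_from_string

URI_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def rules_hit(msg):
    """Rule names from the tests= field of X-Spam-Status (header may be folded)."""
    status = re.sub(r",\s+", ",", msg.get("X-Spam-Status", ""))
    m = re.search(r"tests=(\S+)", status)
    return set(m.group(1).split(",")) if m else set()

def base_domain(host):
    # Simplification: last two labels; production use needs a public-suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def candidates(messages, min_msgs=2):
    """URI domains from XBL-hit messages, by message count, minus ham domains."""
    counts, ham = Counter(), set()
    for raw in messages:
        msg = message_from_string(raw)
        doms = {base_domain(h) for h in URI_RE.findall(msg.get_payload())}
        if any("XBL" in rule for rule in rules_hit(msg)):
            counts.update(doms)          # one vote per message, not per URI
        elif msg.get("X-Spam-Status", "").lstrip().startswith("No"):
            ham.update(doms)             # "If it appears in hams, don't list it"
    return [(d, n) for d, n in counts.most_common()
            if n >= min_msgs and d not in ham]

def _m(status, body):
    # Constructed sample message: minimal headers plus a plain-text body.
    return f"From: a@example.com\nX-Spam-Status: {status}\n\n{body}\n"

SAMPLES = [  # constructed data, not real mail
    _m("Yes, score=14.1 tests=RCVD_IN_XBL,\n\tURIBL_SC_SURBL",
       "Buy at http://pills.example/ or http://www.pills.example/x"),
    _m("Yes, score=9.8 tests=RCVD_IN_XBL",
       "http://pills.example. As seen on http://news.example.org/"),
    _m("Yes, score=8.2 tests=RCVD_IN_XBL",
       "http://news.example.org/ http://cheap.example.net/"),
    _m("No, score=0.1 tests=HTML_MESSAGE",
       "Today's headlines: http://news.example.org/today"),
    _m("Yes, score=6.0 tests=URIBL_SC_SURBL", "http://other.example/"),
]

if __name__ == "__main__":
    for domain, n in candidates(SAMPLES):
        print(f"{n}\t{domain}")
```

Counting messages rather than URI occurrences and excluding ham-seen domains only blunts a joe job; a legitimate domain that never shows up in the local ham sample would still need further checks before listing.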
