On Sunday, March 13, 2005, 8:07:47 AM, List User wrote: > I think it would be useful, *but* Spamhaus is very good at adding > IPs of sites that exploit the XBL - So you would see a significant overlap. > [...] And, SURBLs are RHS lists, so you will catch IP jumping that > the SBL often misses (for a little while).
Yep slightly different but related tools. As you note there are advantages to the different list types. > I don't believe that you will find `spamvertised' domains using > exploited machines one day, and valid mailers later - Just a `new' exploited > machine that hasn't made its way onto the lists yet (like IP jumping, being > a RHS list is an advantage here too). Exactly. Any site advertised many times through zombie-delivered spams is likely to belong to spammers and not whitehats. Whitehats probably tend not to use zombies. > Also, it wouldn't take a "major" joe job (or whatever the name for > chafe that isn't personally directed would be - remember "joe job" refers > to a specific spammer who was pissed at being thrown off joe.com). You > would just have to maintain a whitelist like you do now for people like > w3c.org who are always being abused (or the phishing spam target companies, > whose own pictures and logos usually appear, or newspapers and magazines > who end up in 419s). Yes our whitelist always applies, and additional processing and testing would be done on the raw data before it was deemed usable. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
