It would probably help if I explained that I brought up two different but related ides in quick succession:
1. Asking for URI domains of messages sent through zombies, open relays, open proxies, etc. detected by XBL that mentioned SURBL URIs. 2. Asking for URI domains of messages sent through zombies, open relays, open proxies, etc. detected by XBL regardless of whether those domains were already listed in SURBLs or not. The latter may actually be more useful since it's broader and more inclusive. We could easily intersect them against SURBLs ourselves if it were useful for other applications. I believe this could be a valuable new data source. It's true that Spamhaus and others probably already have this data internally but we don't. ;-) It's also possibly true that existing trap based lists like ob.surbl.org and jp.surbl.org may already have similar data in them. As Paul notes there is probably a lot of overlap between the various datasets being used or proposed. I'd probably ask for messages sent through XBL and list.dsbl.org listed hosts since both lists are pretty reliable. Completeness of compromised host detection is probably non-essential for this application. The resulting dataset would be so large that missing some fraction of zombies probably would not affect the end result very much. The sites of the biggest spammers would tend to bubble to the top of a volume-ranked list. Jeff C. -- "If it appears in hams, then don't list it."
