Marc Perkel wrote:
I'm now capturing 2 separate spam feeds and I want to share it with
anyone who can use it. I'll forward it to you in real time.
First - the spambot feed. This is spam that is mostly spambot
generated targeted at email addresses that never existed. It's 100%
spam and I've added a header that has the IP address of the host that
sent it to me. None of this is forwarded. If you're building an RBL of
IPs you'll want this feed. I think this feed will give you at least
40,000 spams a day. These are bots NOT listed with Spamhaus because I
reject those spams at connect time.
The second is high scoring SA caught spam of 15 points and up. But
it's not just SA scores. It's modified by hundreds of other tricks
I've developed. This spam is good for harvesting URIs for URIBL lists.
It also includes Phishing spam. I can't say it's 100% but it's better
than 99.9% accurate. These spams are high quality in that it's spam
that snuck through other screening meathods I've used.
None of this spam is the really easy to catch stuff. We all can block
the easy stuff.
I hate spam and spammers. I'm already sending one list to a URIBL
provider who is very happy so far. I just started sending the spambot
stuff to another IP RBL provider and they have yet to comment. But -
if anyone else wants some of this I can add you to my list. All I need
is an email address to feed it to.
So - who wants in on this?
More details ....
I've had several people contact me about this and I'm currently
forwarding these streams to several destinations. As a result I'm
putting out some extra effort to improve the quality of the spam I'm
providing. I'm still looking for other people who are interested in
this, escpecially if you run or are feeding an RBL list.
First - to answer some questions that people are asking me.
Q) Why two separate streams of spam.
A) Because they are two different kinds of spam. One stream is mostly
spambots and spam suitable for IP based RBLs. The second stream is spam
that scores very high and is suitable for harvestting for URIBL lists.
The second stream is not for IP based RBLs because it includes email
that was forwarded from other account.
Q) Can i just get one or the other and not both. Can you send the
streams to 2 separate email accounts?
A) Yes
Q) Because the strwam is coming from your servers, how do we know what
IP address to RBL?
A) I added a couple extra headers to help you with that:
headers add "X-Sender-Host-Address: $sender_host_address"
headers add "X-Original-helo: $sender_helo_name"
Q) What is the quality of the spam you are sending.
A) The BOT spam for IP address harvesting is 100% accurate. I have
excluded spam that is already listed in Spamhaus, Spamcop, and some
other choice lists so that the IP addresses that they came from are new
and unlisted. This spam comes from sources emailing honeypots, other
email accounts that never existed, and other SMTP type tricks that only
spammers use. All this spam is caught based on behavior and not content.
The second feed may not be 100% accurate but likely exceeds 99.9%
accuracy. It includes Phishing scams, high scoring SA tests, 419 scams,
and other content based tests. Much of the spam caught is email
forwarded from legitimate sources like eff.org or pobox.com and is not
suitable as IP block lists, but is suitable for URIBL, image checksums,
419 email address harvesting, and other content type black lists.
Q) Why don't you just set up you own RBL?
A) I'm thinking about it but would rather work with established RBL
providers who are already trusted.
Q) How much spam can you feed?
A) At the moment the BOT type spam is about 40,000/day. The SA content
based spam is about 10,000/day.
Q) Where do you get your spam from?
A) I run a front end spam filtering service at
http://www.junkemailfilter.com that is currently filtering for about 500
domains. My service was reviewed by PC Magazine writer John C. Dvorak on
This Week in Technology. Here's a link to 8 minutes of audio.
http://www.junkemailfilter.com/dvorak.mp3
Q) What do I have to do to get this spam? Is there a charge?
A) Email me privately about it. All you need to do is create an account
that I can forward the spam to. If you want both streams then I
recommend two separate accounts. You should be someone who is in a
position to feed the results into popular lists that will be used to
help block spam worldwide. I do not charge for this but if you want to
send me money I will accept it.
Q) Aren't you helping your competitors doing this?
A) The most effective spam filtering is community based filtering where
we all work together against a common enemy. The more I give away the
more I get.
So - who wants my spam?
