Jump to content
Sign in to follow this  
cputerace

URL RBL

Recommended Posts

Why doesnt Spamcop use the information they recieve from the spam reports to create a URL RBL? It seems it would be a great tool, as the reporting mechanism already parses out url's in spam reports and Spamassassin already supports URL RBL Lookups.

-Mike

Share this post


Link to post
Share on other sites
Why doesnt Spamcop use the information they recieve from the spam reports to create a URL RBL?

30099[/snapback]

Do you mean for blocking email, or somehow blocking http requests? Don't know much about the latter, and don't see it being very useful for the former. How would you identify spammy URL's from innocent bystander URL's or "Joe Jobs". The first problem would be how to generate a 'valid and reliable' URL RBL. Other people might have comments about the second problem, or how one would implement such blocking if it were valid.

All in all, I think the consensus on why Spamcop handles URL info the way it does is because while it can be rather informative, it's not reliable enough to base an automated and potentially damaging blocking scheme on.

Edited by Jank1887

Share this post


Link to post
Share on other sites

There is the issue of whether to have a list or lists of the complete URLs, the hosts of the URLs, and/or the IP Addresses of the hosts of the URLs. All three would be great!

Share this post


Link to post
Share on other sites

This exact thing is already being done. It is not hosted here at SpamCop, but over at surbl.org. If you look at the description of lists, you will see that the first one, sc.surbl.org, is based on spamvertized websites from SpamCop reports. You can also use SpamCopURI to pull the data directly from the SpamCop servers.

Do you mean for blocking email, or somehow blocking http requests?
You do not use it for outright blocking, because it is content-based. But you can use it for SpamAssassin-style filtering. If a message contains a known spamvertized URL, it gets a higher score. You could also use it for blocking http requests, if you are so inclined, but the primary purpose is to filter mail.

How would you identify spammy URL's from innocent bystander URL's or "Joe Jobs".
That's explained in the FAQ. It is not an exact science, but the "innocent bystander" problem here is probably not worse than with conventional blocklists.

By the way, the version of SpamAssassin used by the SpamCop Email System already uses the SURBL RBLs:

X-spam-Status: hits=28.0 tests=HTML_50_60,HTML_FONT_BIG,HTML_MESSAGE,INFO_TLD,

LOTS_OF_STUFF,SARE_OEM_AND_OTHER,SARE_OEM_A_1,SARE_OEM_A_2,

SARE_OEM_PRODS_1,SARE_OEM_PRODS_2,SARE_OEM_PRODS_FEW,SARE_OEM_SOFT_IS,

SARE_PRODS_LOTS,SARE_PRODUCTS_02,SARE_PRODUCTS_03,SARE_PRODUCTS_04,

URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,

URIBL_WS_SURBL version=3.0.2

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×