Jump to content

URL RBL


cputerace

Recommended Posts

Why doesnt Spamcop use the information they recieve from the spam reports to create a URL RBL? It seems it would be a great tool, as the reporting mechanism already parses out url's in spam reports and Spamassassin already supports URL RBL Lookups.

-Mike

Link to comment
Share on other sites

Why doesnt Spamcop use the information they recieve from the spam reports to create a URL RBL?

30099[/snapback]

Do you mean for blocking email, or somehow blocking http requests? Don't know much about the latter, and don't see it being very useful for the former. How would you identify spammy URL's from innocent bystander URL's or "Joe Jobs". The first problem would be how to generate a 'valid and reliable' URL RBL. Other people might have comments about the second problem, or how one would implement such blocking if it were valid.

All in all, I think the consensus on why Spamcop handles URL info the way it does is because while it can be rather informative, it's not reliable enough to base an automated and potentially damaging blocking scheme on.

Link to comment
Share on other sites

There is the issue of whether to have a list or lists of the complete URLs, the hosts of the URLs, and/or the IP Addresses of the hosts of the URLs. All three would be great!

Link to comment
Share on other sites

This exact thing is already being done. It is not hosted here at SpamCop, but over at surbl.org. If you look at the description of lists, you will see that the first one, sc.surbl.org, is based on spamvertized websites from SpamCop reports. You can also use SpamCopURI to pull the data directly from the SpamCop servers.

Do you mean for blocking email, or somehow blocking http requests?
You do not use it for outright blocking, because it is content-based. But you can use it for SpamAssassin-style filtering. If a message contains a known spamvertized URL, it gets a higher score. You could also use it for blocking http requests, if you are so inclined, but the primary purpose is to filter mail.

How would you identify spammy URL's from innocent bystander URL's or "Joe Jobs".
That's explained in the FAQ. It is not an exact science, but the "innocent bystander" problem here is probably not worse than with conventional blocklists.

By the way, the version of SpamAssassin used by the SpamCop Email System already uses the SURBL RBLs:

X-spam-Status: hits=28.0 tests=HTML_50_60,HTML_FONT_BIG,HTML_MESSAGE,INFO_TLD,

LOTS_OF_STUFF,SARE_OEM_AND_OTHER,SARE_OEM_A_1,SARE_OEM_A_2,

SARE_OEM_PRODS_1,SARE_OEM_PRODS_2,SARE_OEM_PRODS_FEW,SARE_OEM_SOFT_IS,

SARE_PRODS_LOTS,SARE_PRODUCTS_02,SARE_PRODUCTS_03,SARE_PRODUCTS_04,

URIBL_AB_SURBL,URIBL_JP_SURBL,URIBL_OB_SURBL,URIBL_SBL,URIBL_SC_SURBL,

URIBL_WS_SURBL version=3.0.2

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...