Re: [SURBL-Discuss] Re: Applying SURBL against blog comment spammers

[Matthew Hunter <ma...@infodancer.org>]

On Thu, Sep 02, 2004 at 12:23:48AM -0700, Jeff Chan <je...@surbl.org> wrote:
> We could perhaps set up a separate SURBL for blog spammers.
> It would be a slight shift in focus since the other SURBLs are
> all for email spam.  Can you give an idea of how many records
> you have?

Since my weblog software is custom, I've just got those few who 
have made the effort to target me specifically.  That boils down 
to what looks like 3-4 entities and about 20 domains.  I just 
started compiling it today, though.  There are probably more 
buried in the logs that haven't been spammed at me recently.

> Also have you tried Jay Allen's MT-Blacklist/Comment Spam
> list:
> 
>   http://www.jayallen.org/comment_spam/
> 
> It would be interesting to look at your data to see if there's
> much overlap with our existing lists.  In the case of Jay's data,
> there's nearly none.

I've looked at it before.  It's oriented around MT, and since my 
weblog software is a custom thing, I can't use it directly.  The
actual database of domains looks like something easy to import 
into rbldnsd, though, and the updates could probably be automated  
via the RSS feed.  No overlap with my current (very small) 
blacklist.

IMO, for the purpose of an SURBL, spam is spam is spam.  I don't 
see a need for a separate list so much as for SOME list; the 
SURBL technology is the right technical fit for the problem,
since there's no point in everyone madly maintaining their own 
local blacklists... the rest is just the details.

-- 
Matthew Hunter (matthew@infodancer.org)
Public Key: http://matthew.infodancer.org/public_key.txt
Homepage: http://matthew.infodancer.org/index.jsp
Politics: http://www.triggerfinger.org/weblog/index.jsp

Re: [SURBL-Discuss] Re: Applying SURBL against blog comment spammers

[Jeff Chan <je...@surbl.org>]

On Thursday, September 2, 2004, 12:50:29 AM, Matthew Hunter wrote:
> On Thu, Sep 02, 2004 at 12:23:48AM -0700, Jeff Chan <je...@surbl.org> wrote:

> to what looks like 3-4 entities and about 20 domains.  I just
> started compiling it today, though.  There are probably more 
> buried in the logs that haven't been spammed at me recently.

>> Also have you tried Jay Allen's MT-Blacklist/Comment Spam
>> list:
>> 
>>   http://www.jayallen.org/comment_spam/
>> 
>> It would be interesting to look at your data to see if there's
>> much overlap with our existing lists.  In the case of Jay's data,
>> there's nearly none.

> I've looked at it before.  It's oriented around MT, and since my 
> weblog software is a custom thing, I can't use it directly.  The
> actual database of domains looks like something easy to import 
> into rbldnsd, though, and the updates could probably be automated  
> via the RSS feed.  No overlap with my current (very small) 
> blacklist.

Yes a list of domains is what we would need as input to a SURBL,
and yours and Jay's could be used.

> IMO, for the purpose of an SURBL, spam is spam is spam.  I don't 
> see a need for a separate list so much as for SOME list; the 
> SURBL technology is the right technical fit for the problem,
> since there's no point in everyone madly maintaining their own 
> local blacklists... the rest is just the details.

As a data transport, I agree the technology is generally a good
fit.  But most of the use of SURBLs so far is in comparing to
message bodies, so some of the applications are different.  It
also means the source data is different.  To me that argues for
a separate list, even if it's just added to multi and not
a standalone list.

We'd need to document it so that people knew the source and
application of the data was different from the mail spam URI
lists.

One could make similar arguments for Usenet spammers.

Jeff C.