You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Ken A <ka...@pacific.net> on 2006/06/22 19:35:10 UTC
[Fwd: Re: [dns-operations] negative caching of throwaway spam domains]
Rick Wesson over at Alice's Registry has a dnsrbl listing recently
registered domains (see below). I thought this might be of interest to
SA users. Anyone used this, or other rbl with similar functions?
Scoring?
Accuracy?
Thanks,
Ken A
Pacific.Net
> -------- Original Message --------
> Subject: Re: [dns-operations] negative caching of throwaway spam domains
> Date: Thu, 22 Jun 2006 09:39:24 -0700
> From: Rick Wesson <we...@ar.com>
>
> I've created a DNSRBL called day-old-bread (ok you think of a good name
> for it) that contains a running list of domains registered in the last 5
> days. It lives at dob.sibl.support-intelligence.net.
>
> a test point is at
> test.dob.sibl.support-intelligence.com.dob.sibl.support-intelligence.net.
>
> the data set currently has just the last 2 days worth of domain
> registrations.
>
> The run rate will be around 5M domains for 5 days worth of registrations.
>
> I appreciate any thoughts on how useful this might be, and feel free to
> let others know the lists exists.
Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam domains]
Posted by Jeff Chan <je...@surbl.org>.
On Thursday, June 22, 2006, 3:21:36 PM, Ken A wrote:
> Jeff Chan wrote:
>> On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
>>> Rick Wesson over at Alice's Registry has a dnsrbl listing recently
>>> registered domains (see below). I thought this might be of interest to
>>> SA users. Anyone used this, or other rbl with similar functions?
>>> Scoring?
>>> Accuracy?
>>
>>> Thanks,
>>> Ken A
>>> Pacific.Net
>>
>> Hi Ken,
>> I was corresponding with Rick about how to test this and was
>> going to suggest the developers add a test rule.
> # test for Day Old Bread DNSRBL of recently registered domains.
> header FROM_IN_DOB
> eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.')
> describe FROM_IN_DOB Domain recently registered
> tflags FROM_IN_DOB net
> score FROM_IN_DOB 0.1
> This has hit a few spams today. ymmv..
> Ken A
> Pacific.Net
Hi Ken,
It's probably much more useful to use this list to check message
body URIs than envelope froms. Envelope froms sometimes use
spammy domains, but URIs usually (must) advertise spammer's
sites. IOW envelope froms can be arbitrarily anything, but URIs
must be real; they must go to some site for the spam to be useful.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam
domains]
Posted by "John D. Hardin" <jh...@impsec.org>.
On Thu, 22 Jun 2006, Ken A wrote:
> # test for Day Old Bread DNSRBL of recently registered domains.
>
> header FROM_IN_DOB
> eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.')
> describe FROM_IN_DOB Domain recently registered
> tflags FROM_IN_DOB net
> score FROM_IN_DOB 0.1
>
> This has hit a few spams today. ymmv..
Is there an equivalent URIBL rule?
--
John Hardin KA7OHZ ICQ#15735746 http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 - 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Windows and its users got mentioned at home today, after my wife the
psych major brought up Seligman's theory of "learned helplessness."
-- Dan Birchall in a.s.r
----------------------------------------------------------------------
Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam
domains]
Posted by Ken A <ka...@pacific.net>.
Jeff Chan wrote:
> On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
>> Rick Wesson over at Alice's Registry has a dnsrbl listing recently
>> registered domains (see below). I thought this might be of interest to
>> SA users. Anyone used this, or other rbl with similar functions?
>> Scoring?
>> Accuracy?
>
>> Thanks,
>> Ken A
>> Pacific.Net
>
> Hi Ken,
> I was corresponding with Rick about how to test this and was
> going to suggest the developers add a test rule.
# test for Day Old Bread DNSRBL of recently registered domains.
header FROM_IN_DOB
eval:check_rbl_envfrom('dob','dob.sibl.support-intelligence.net.')
describe FROM_IN_DOB Domain recently registered
tflags FROM_IN_DOB net
score FROM_IN_DOB 0.1
This has hit a few spams today. ymmv..
Ken A
Pacific.Net
> Jeff C.
> __
>
>>> -------- Original Message --------
>>> Subject: Re: [dns-operations] negative caching of throwaway spam domains
>>> Date: Thu, 22 Jun 2006 09:39:24 -0700
>>> From: Rick Wesson <we...@ar.com>
>>>
>>> I've created a DNSRBL called day-old-bread (ok you think of a good name
>>> for it) that contains a running list of domains registered in the last 5
>>> days. It lives at dob.sibl.support-intelligence.net.
>>>
>>> a test point is at
>>> test.dob.sibl.support-intelligence.com.dob.sibl.support-intelligence.net.
>>>
>>> the data set currently has just the last 2 days worth of domain
>>> registrations.
>>>
>>> The run rate will be around 5M domains for 5 days worth of registrations.
>>>
>>> I appreciate any thoughts on how useful this might be, and feel free to
>>> let others know the lists exists.
>
>
Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam domains]
Posted by Jeff Chan <je...@surbl.org>.
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
> Rick Wesson over at Alice's Registry has a dnsrbl listing recently
> registered domains (see below). I thought this might be of interest to
> SA users. Anyone used this, or other rbl with similar functions?
> Scoring?
> Accuracy?
> Thanks,
> Ken A
> Pacific.Net
Hi Ken,
I was corresponding with Rick about how to test this and was
going to suggest the developers add a test rule.
Jeff C.
__
>> -------- Original Message --------
>> Subject: Re: [dns-operations] negative caching of throwaway spam domains
>> Date: Thu, 22 Jun 2006 09:39:24 -0700
>> From: Rick Wesson <we...@ar.com>
>>
>> I've created a DNSRBL called day-old-bread (ok you think of a good name
>> for it) that contains a running list of domains registered in the last 5
>> days. It lives at dob.sibl.support-intelligence.net.
>>
>> a test point is at
>> test.dob.sibl.support-intelligence.com.dob.sibl.support-intelligence.net.
>>
>> the data set currently has just the last 2 days worth of domain
>> registrations.
>>
>> The run rate will be around 5M domains for 5 days worth of registrations.
>>
>> I appreciate any thoughts on how useful this might be, and feel free to
>> let others know the lists exists.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Re: [Fwd: Re: [dns-operations] negative caching of throwaway spam domains]
Posted by Jeff Chan <je...@surbl.org>.
On Thursday, June 22, 2006, 10:35:10 AM, Ken A wrote:
> Rick Wesson over at Alice's Registry has a dnsrbl listing recently
> registered domains (see below). I thought this might be of interest to
> SA users. Anyone used this, or other rbl with similar functions?
> Scoring?
> Accuracy?
> Thanks,
> Ken A
> Pacific.Net
Hi Ken,
I was corresponding with Rick about how to test this and was
going to suggest the developers add a test rule.
Jeff C.
__
>> -------- Original Message --------
>> Subject: Re: [dns-operations] negative caching of throwaway spam domains
>> Date: Thu, 22 Jun 2006 09:39:24 -0700
>> From: Rick Wesson <we...@ar.com>
>>
>> I've created a DNSRBL called day-old-bread (ok you think of a good name
>> for it) that contains a running list of domains registered in the last 5
>> days. It lives at dob.sibl.support-intelligence.net.
>>
>> a test point is at
>> test.dob.sibl.support-intelligence.com.dob.sibl.support-intelligence.net.
>>
>> the data set currently has just the last 2 days worth of domain
>> registrations.
>>
>> The run rate will be around 5M domains for 5 days worth of registrations.
>>
>> I appreciate any thoughts on how useful this might be, and feel free to
>> let others know the lists exists.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/