Re: Improving SpamCopURI

[Justin Mason <jm...@jmason.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Jeff Chan writes:
> On Monday, April 5, 2004, 7:36:47 AM, Marc Perkel wrote:
> > Also - is there a way to feed back to the system new URIs for the list?
> > A URI reporting system?
> 
> There is no way to report URIs directly to SURBL currently.  The
> best way is to report them in spams to SpamCop.  It's indirect
> but does the right thing if enough people do likewise and report
> the same domain a few more times.
> 
> That said, I'm reworking the thresholding and retention system
> to probably make the threshold much lower for known spam domain
> IPs and Name servers as Daniel Quinlan suggested.
> 
> After watching the data for a while I think a longer general
> retention of say 10 days might be a good idea to catch reports
> over more than a week.  For known spam gang domains/name
> servers/IPs we could make the retention a whole lot longer.
> And domains that get dozens to hundreds of reports should
> probably also be watched a lot longer using a longer retention.
> Domains that get reported most probably deserve the most
> attention through longer retention and perhaps a lower
> inclusion threshold.

yeah, good plan.

> We would get external "known bad guys" data from other RBLs in
> order to adjust thresholds and expirations, but the inclusion of
> a domain in SURBL would still be triggered by SpamCop URI
> reports.  But the trigger point would be lower for "bad guys".
> This was a good suggestion from Daniel.
> 
> Are there any RBLs that are widely regarded as good indicators of
> spam gang/spamhaus IPs other than SBLs?

hmm, I think SBL's pretty much the only one that seems to be reliable...

> Also, can anyone help us set up (or know where we can set up)
> a discussion forum for SURBL?  We'd like to use it as a "star
> chamber" for anti-spam veterans to join us in judging incoming
> spam domains reaching the threshold to decide whether they belong
> to spammers or are a false alarm and should be whitelisted.
> We could also have blacklist recommendations and other discussion
> there.  At this point we may need the help a community could
> bring to help run things with SURBL.

I'd strongly suggest setting up a project at sourceforge.net --
that's the best infrastructure I've found so far for the "early
days" stuff.  (once it gets bigger, you could take it off if you
like, but early on, the sf.net stuff works great IMO.)

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFAcg/SQTcbUG5Y7woRAhFLAJ0eC2cRmuRq5mWSSulTifZomoJMxACg2MHz
Zyh9gGcMNo93yzkRkZH2r1o=
=un4+
-----END PGP SIGNATURE-----

Spam BBS Discussion Site - phpbb

[Marc Perkel <ma...@perkel.com>]

Many months ago I created a spam discussion system on my server just for 
this sort of thing using phpbb. I never really promoted it and it never 
took off - but take a look and see what you think.

http://spam.ctyme.com

Jeff Chan wrote:

>publically available somewhere other than my server, but I'm
>mainly looking for a discussion forum that I can automatically
>feed domains to and have a spam vs ham poll on whether a domain
>needs to be whitelisted, or perhaps pushed along for inclusion.
>At this point I'm somewhat more interested in the use of the
>data than software development, though I continue to work on
>both.  sf has a very simple board that could be used to get
>things started, but with a lot of manual intervention and no
>polling. 
>
>Eric Kolve suggested off list to check out phorum.org, phpnuke,
>or phpbb, but I was hoping to find an existing board which
>supported these features.  He also mentions Razor which
>apparently includes reputation points for vetting members,
>etc.  I'm not too up on the latest collaborationware/board
>software, so the suggestions are interesting, though again
>I'd prefer to set things up on an existing board somewhere.
>Thus the query if anyone knew any appropriate existingones.
>
>Interestingly Eric suggests a completely open alternative
>(with vetting and pre-seeding) to Daniel Quinlan's more secret
>meeting place proposal.
>
>Jeff C.
>  
>
> I'll probably put my tarball up on sf, just to make sure it's

Re: Improving SpamCopURI

[Jeff Chan <je...@surbl.org>]

On Monday, April 5, 2004, 7:02:58 PM, Justin Mason wrote:
> Jeff Chan writes:
>> After watching the data for a while I think a longer general
>> retention of say 10 days might be a good idea to catch reports
>> over more than a week.  For known spam gang domains/name
>> servers/IPs we could make the retention a whole lot longer.
>> And domains that get dozens to hundreds of reports should
>> probably also be watched a lot longer using a longer retention.
>> Domains that get reported most probably deserve the most
>> attention through longer retention and perhaps a lower
>> inclusion threshold.

> yeah, good plan.

>> We would get external "known bad guys" data from other RBLs in
>> order to adjust thresholds and expirations, but the inclusion of
>> a domain in SURBL would still be triggered by SpamCop URI
>> reports.  But the trigger point would be lower for "bad guys".
>> This was a good suggestion from Daniel.
>> 
>> Are there any RBLs that are widely regarded as good indicators of
>> spam gang/spamhaus IPs other than SBLs?

> hmm, I think SBL's pretty much the only one that seems to be reliable...

Thanks for your feedback on both issues!

>> Also, can anyone help us set up (or know where we can set up)
>> a discussion forum for SURBL?  We'd like to use it as a "star
>> chamber" for anti-spam veterans to join us in judging incoming
>> spam domains reaching the threshold to decide whether they belong
>> to spammers or are a false alarm and should be whitelisted.
>> We could also have blacklist recommendations and other discussion
>> there.  At this point we may need the help a community could
>> bring to help run things with SURBL.

> I'd strongly suggest setting up a project at sourceforge.net --
> that's the best infrastructure I've found so far for the "early
> days" stuff.  (once it gets bigger, you could take it off if you
> like, but early on, the sf.net stuff works great IMO.)

I'll probably put my tarball up on sf, just to make sure it's
publically available somewhere other than my server, but I'm
mainly looking for a discussion forum that I can automatically
feed domains to and have a spam vs ham poll on whether a domain
needs to be whitelisted, or perhaps pushed along for inclusion.
At this point I'm somewhat more interested in the use of the
data than software development, though I continue to work on
both.  sf has a very simple board that could be used to get
things started, but with a lot of manual intervention and no
polling. 

Eric Kolve suggested off list to check out phorum.org, phpnuke,
or phpbb, but I was hoping to find an existing board which
supported these features.  He also mentions Razor which
apparently includes reputation points for vetting members,
etc.  I'm not too up on the latest collaborationware/board
software, so the suggestions are interesting, though again
I'd prefer to set things up on an existing board somewhere.
Thus the query if anyone knew any appropriate existingones.

Interestingly Eric suggests a completely open alternative
(with vetting and pre-seeding) to Daniel Quinlan's more secret
meeting place proposal.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org-nospam
http://www.surbl.org/