Slashdot Mirror

← Back to Stories (view on slashdot.org)

A New Type Of Realtime Blocklist: The SURBL

Posted by timothy on from the chicken-egg-spam dept.

Glamdrlng writes "The SURBL, or "Spam URI Realtime Blocklist", represents a nexus of RBL's and content filtering that may bring us one step closer to a spam magic bullet. While traditional RBL's perform a DNS lookup on the connecting mail server, SURBL's take this a step further by parsing the text of the email looking for URI's and doing a lookup on those web servers. They also prevent "joe jobs" by maintaining a whitelist of legitimate web servers whose domain names may show up in spam messages, e.g. EBay, Paypal, Microsoft, etc. The only requirement to implement the SURBL is a plugin on your MTA such as spamassassin that can parse the body of each email. While there is no MTA that directly supports SURBL's without a plugin, the author hints at one being in development."

4 of 219 comments (clear)

  1. It's a great idea by Rapid+Home+Offer · · Score: 5, Informative

    Combine it with spamassassin, and you can whitelist emails from companies that you want to recieve email from. Heck, with spamassassin you can give it a very small weight, and adjust the results manually. Every bit of extra information helps, and just ignoring it because it is compiled by somebody else doesn't make sense to me.

  2. sendmail internal RBL by mabu · · Score: 5, Informative

    A good way to start if you're running your own mailserver is to use an internal IP-based blacklist such as the one found here. It's incomplete due to Geocities limitations but send e-mail to that account and the guy running it will send you the whole file. It's a list that he's been compiling now for more than a year of IP blocks, mostly class Bs, that have virtually no useful SMTP traffic and should be completely cut off. This generally consists of the vast majority of Chinese, Korean and Brazillian DULs.

    We've been able to effectively stop about 50% of the spam using these lists and save resources and bandwidth. What's left is to start RBL'ing the domestic DUL IP space (Comcast, SWBell, Bellsouth, etc.) on a class B-level until the ISPs start cracking down on their rogue users.

  3. Counter-attacks are bad-- read this summary by joelparker · · Score: 5, Informative
    Counter-attacks are bad--
    check this summary of spam methods.

    http://netextend.com/junkmail

    ........

    Overview

    • What is Junk Mail?
    • Why Send Junk Mail?
    • How Bad is the Junk Mail Problem?
    • What is Needed?

    Solutions

    • Blacklists
    • Whitelists
    • Greylists
    • Adaptive Filters
    • Challenge-Response
    • Counter-Attacks
    • Tagging
    • Fake Honeypots, Tarpits, Spamholes
    • Sender Policy Framework (SPF)
    • Personal Digital Signatures
    • Internet Mail 2000 (IM2000)

    Conclusion

  4. Already in use by MT-Blacklist by santiago · · Score: 5, Informative

    This exact method is the basis of the MT-Blacklist comment-spam prevention system for Movable Type-based blogs. It works wonderfully, as it identifies spam on the basis of the one feature it must have to be successful--a link back to the spammer's site.