Mailing List SIMS@mail.stalker.com Message #15376
From: Bill Cole <listbill@scconsult.com>
Subject: Re: forwarding spamtraps to an RBL?
Date: Thu, 16 Nov 2006 16:54:59 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 2:15 PM -0500 11/16/06, Charles Mangin imposed structure on a stream of electrons, yielding:
> i understand several of the RBLs maintain their own spamtraps to update their lists with newly exploited or zombied IPs. these addresses are kept secret for obvious reasons.
>
> what i wonder, though, is there an RBL out there somewhere that i can submit or redirect my spamtrap addresses to, that would then add the IPs i'm getting messages from?

None worth using. SpamCop does some work with third-party traps, but I don't believe that they take small-scale feeds.

There's a difference between being certain that a particular piece of mail from a particular IP address is not legitimate and knowing that a significant fraction of everyone's mail from that IP address is spam. The canonical example is a legitimate mailing list system, which might hit a trap address with a subscription confirmation message. There's always a chance of accidental mail to *any* address, and I don't think anyone should be using a DNSBL for listing addresses subject to accident, since you can get identical coverage by just accepting no mail.

> it seems that a lot of my spam lately has been pump-and-dump messages generated from some botnet or other, and i get the messages before the RBLs' spamtraps do, or before any of the 5 RBLs i subscribe to update with those IPs.

If you're using the SBL-XBL list at Spamhaus you might find better results from cbl.abuseat.org and the SBL as distinct lists. The CBL is the most useful source data for the Spamhaus XBL, and has a slight lead time.

The SpamCop list (see www.spamcop.net) is the quickest on the trigger, but it has risks that a lot of people cannot tolerate, like a habit of listing IPs used by major ISPs for outbound mail. The cost of fast listing is that a list has to be automated, and SpamCop's automation makes no exceptions for spam sources that also send a lot of valid mail.

> what i guess i'm looking for is a place that says "send us your spam, we'll make sure nobody else gets it." i've looked around and haven't found such an RBL, but i wonder if the folks on this list have heard of one.

SpamCop has that effect, but I can't recommend it.

More careful and useful approaches for collaborative spam filtering include Vipul's Razor (http://razor.sourceforge.net/) and DCC (http://www.rhyolite.com/anti-spam/dcc/) but whether you find either useful may depend on whether you're using SIMS or whether you're just left here by inertia...



--
Bill Cole                                  bill@scconsult.com
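
Added example, not part of the original message or of SIMS: a sketch of querying the CBL and the SBL as distinct lists, as the reply above suggests, so that a hit can be weighed per list. The zone name sbl.spamhaus.org, the function names and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket

# cbl.abuseat.org is named in the message; sbl.spamhaus.org is assumed
# here as the zone name for "the SBL" queried on its own.
ZONES = ("cbl.abuseat.org", "sbl.spamhaus.org")
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A record as a string, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: answer} for every zone that lists the address."""
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # DNSBL listings are answers inside 127.0.0.0/8. Any other answer
        # (for example a resolver that rewrites NXDOMAIN) is not a listing
        # and must not cause mail to be refused.
        if answer and ipaddress.IPv4Address(answer) in LOOPBACK:
            hits[zone] = answer
    return hits


if __name__ == "__main__":
    # Constructed sample data: a stub resolver so the demo runs offline.
    stub = {"10.2.0.192.cbl.abuseat.org": "127.0.0.2"}
    print(check_ip("192.0.2.10", resolve=stub.get))
```

Keeping the result keyed by zone lets the mail server apply a different policy to each list instead of treating the combined answer as a single verdict.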
