Eric,

> There's one rule that will wipe out ~90% of spam, but nobody seems to have
> written it yet.
>
>  if URL IP addr is in China then score=100
>
> support for a generic lookup list of cidr blocks would get another 9%


I agree that geographically classifying the URL's embedded in the spams would be pretty slick, using the china.blackholes.us and cn-kr.blackholes.us RBLs has been pretty effective at reducing our spamload, as a supplement to the standard lookup services.

They do not descriminate between legit mails and spam mails from china.  Everything from those IP blocks gets classified as spam.  Luckily we don't ever get any client emails from those countries at this point and can use these filters without worrying about false-positives.  (I think the doubleclick.blackholes.us is pretty funny too)

There are others at:
http://www.blackholes.us/

Is anyone else out there using these blackholes?  I wonder how often they get updated.

Brian Battle
Confluence