Gadi, if your HTTP spam DNSBL gets working, we would certainly be interested in feeding our spam filter from it. It is my experience so far that comments spam is not very "botnetty" but more "boxy" - the proportion of the total we get from any single IP address is relatively high. Actually, to put that better, rather than being evenly distributed over many IPs, a core-group of the IPs spamming us at any one time account for the bulk of it. 80/20 rule again On 1/14/07, Gadi Evron <ge@linuxbox.org> wrote:
On Sun, 14 Jan 2007, Peter Corlett wrote:
On 14 Jan 2007, at 13:27, Tony Finch wrote: [Blog spammers]
Most of the IP addresss you listed are are already on various DNS blacklists.
Ooh, now that is interesting. I had assumed that the DNSBLs only covered SMTP spam sources, but on reflection I suppose SMTP is a dead protocol these days in the wider Internet.
For the benefit of those of us who have been lucky to Recover from ISP work and now herd blogs[0], would you be so kind as to share which blacklists are worthwhile and worth consulting on this front?
[0] Before you ask, no, it's no easier, in fact arguably harder work, although the pay and hours are better. But yes, we're hiring.
Your assumption is incorrect. These DNSBLs cover spam sent in email, indeed. Thing is, spam is spam and spammers are spammers. Meaning, they spam in every way they can.
In my experience 20-70 per cent would be flagged by email DNSBLs. Not accurate to filter out blog spam.
As in, bots will be bots.
I've been working on a new DNSBL for comment/etc. spam for a while, which will be reliable, generally, it doesn't exist yet for public consumption.
There is such a black listing service already, but again, reliability is an issue.
Gadi.