Gadi, if your HTTP spam DNSBL gets working, we would certainly be interested in feeding our spam filter from it. It is my experience so far that comments spam is not very "botnetty" but more "boxy" - the proportion of the total we get from any single IP address is relatively high.
Actually, to put that better, rather than being evenly distributed over many IPs, a core-group of the IPs spamming us at any one time account for the bulk of it. 80/20 rule again
On Sun, 14 Jan 2007, Peter Corlett wrote:
>
> On 14 Jan 2007, at 13:27, Tony Finch wrote:
> [Blog spammers]
> > Most of the IP addresss you listed are are already on various DNS
> > blacklists.
>
> Ooh, now that is interesting. I had assumed that the DNSBLs only
> covered SMTP spam sources, but on reflection I suppose SMTP is a dead
> protocol these days in the wider Internet.
>
> For the benefit of those of us who have been lucky to Recover from
> ISP work and now herd blogs[0], would you be so kind as to share
> which blacklists are worthwhile and worth consulting on this front?
>
> [0] Before you ask, no, it's no easier, in fact arguably harder work,
> although the pay and hours are better. But yes, we're hiring.
>
Your assumption is incorrect. These DNSBLs cover spam sent in email,
indeed. Thing is, spam is spam and spammers are spammers. Meaning, they
spam in every way they can.
In my experience 20-70 per cent would be flagged by email DNSBLs. Not
accurate to filter out blog spam.
As in, bots will be bots.
I've been working on a new DNSBL for comment/etc. spam for a while, which
will be reliable, generally, it doesn't exist yet for public consumption.
There is such a black listing service already, but again, reliability is
an issue.
Gadi.