a Domain/URI Blacklist
ivmURI, is one of three invaluement DNSBLs. Please first read the discussion of goals and features shared by all 3 lists detailed on the invaluement Anti-Spam DNSBL page.
Mailadmin & SARE Ninja, Alex Broens said:
ivmURI has become another valuable spam detection layer which I highly recommend to my customers. Rob McEwen has done a great job in this niche and complements the already available resources, with minimal admin requirements - setup & it works!
founder of SURBL, Jeff Chan said:
We've enjoyed working with Rob McEwen on SURBL and expect his new DNSBL to aid in the identification of unsolicited messages in new ways.
ivmURI is the invaluement uri dnsbl. Aka a uri bl, this list includes those IPs and domain names which only appear in the body of unsolicited messages. ivmURI was developed by one of the long-time SURBL administrators, Rob McEwen, and is now considered to be one of the four top-tier URIBL/domain blacklists, along side SURBL, URIBL and SpamHauss new DBL list. In fact, the drop-off in quality after the four major URI blacklists (SURBL, URIBL, ivmURI, and DBL) is considerable. Simply put, there is no close fifth.
How can we know this? Besides having data from industry leaders backing up this claim, we are in a position to know and to judge because the founder and developer of ivmURI, Rob McEwen, has been an administrator for SURBL since June 2005 and continues to serve in that role. Therefore, Rob has an insiders knowledge of the inner workings of SURBL. (Rob was also a participant in the discussions which led to the formation of URIBL, and keeps close contact with some of the URIBL folks as well.) It was this hard won expertise that inspired the creation of ivmURI.
None of the four major URI/Domain blacklists (SURBL/URIBL/ivmURI/DBL) make any of the others obsolete because all block some spams missed by the others. Therefore, we consider all four to be indispensable. However, ivmURI could still be a huge help for some organizations who now suddenly find themselves unable to afford to subscribe one or more of the others. True, every one of these except for ivmURI is free for low-volume and/or non-profit usage. However, at some point, the other three require a subscription which is actually more expensive than an invaluement subscription. In contrast, because a subscription is required at all usage levels for the invaluement lists, we are then able to make our invaluement subscription prices much more reasonable than what other DNSBLs charge for rsync access. This is a huge help for those organizations which either (a) find themselves having to pay for access to the others due to licensing policies --OR-- (b) who have a high messaging volume which demands rysnc access to DNSBLs in order to benefit from the higher efficiency gained by serving DNSBLs locally. In either case, such organizations will find rsync to the invaluement lists surprisingly affordable.
Most importantly, ivmURI holds it own in comparision to other URIBL/Domain blacklists....
FOR EXAMPLE: Recently, a multi-national corporation with 60K employees gathered stats on ivmURI, SURBL, and URIBL. (DBL didn't exist until March 2010.) Their statistics showed that 72% of the spam blocked by SURBL was also blocked by ivmURI. Obviously, it is noteworthy that 28% of the spam blocked by SURBL was missed by ivmURI! However, (overall) in those statistics, ivmURI blocked more spam than both SURBL and URIBL, and had fewer false positives than both SURBL and URIBL. Additionally, for every 1 spam blocked by SURBL that ivmURI missed, there were 2 spams blocked by ivmURI that SURBL missed. Finally, ivmURI had the highest unique spams blocked (that being spams blocked by a URI blacklist which ALL other URI lists missed). In fact, ivmURI beat out the 2nd place URI blacklist in this uniques category (uribl.com) by a 2-to-1 margin. (details and raw data available upon request)
How does ivmURI fit into this mix of high quality URI DNSBLs?
ivmURI alone now accounts for 85% of all the spam we block, while maintaining an extremely low false positive rate.
- LOW FALSE POSITIVES: At least as low as SURBL and URIBL.
- UNIQUES: As stated, there are some series of spam listed only by ivmURI, or listed by ivmURI first. In fact, periodically a URI will get listed only on ivmURI, and then SURBL and/or URIBL and/or DBL will pick up that URI months later. (Of course, the reverse is true as well! Which is why every major URI/Domain Blacklist is very valuable and we use every such one we can access in our own spam filtering!)
SMALL MEMORY FOOTPRINT: ivmURI has a memory footprint which is much smaller than URIBL and vastly smaller than SURBL.
- This opens up possibilities for applications which require a smaller memory footprint URI BL!
- Interestingly, ivmURIs spam catch rate is at least as high as SURBL, URIBL, and DBL. So, in this case, having less data does not translate to less spam caught!
- FAST UPDATING: In situations where all four URI/domain blacklists have caught a new spammers domain at the same time (at the backend), ivmURI has one of the fastest turnaround times for getting that domain into circulation, for productive use. This helps catch new series of spam that havent had much time to get listed on all the various types of anti-spam clearinghouses and are, therefore, at high-risk for getting missed by many spam filters.
Examples of URIs caught by ivmURI,
but missed by SURBL and URIBL!
ivmURI is a URI (domain) DNSBL like SURBL or URIBL, with high effectiveness (comparable with URIBL/SURBL), extremely low false positives, and quick to list.
From CBL, the largest component of Spamhaus Zen & XBL lists -- see full quote on the cbl.abuseat.org web site!
NOTE: The DBL was not available when the following information was gathered. We will include DBL for another batch very soon.
The following is a tiny sampling of such messages. In this case, we took the last 500 message caught by ivmURI, waited 24 hours (to give SURBL and URIBL extra time to catch these). Extracted from that batch, below are the domains caught by ivmURI but missed (at that time) by surbl and uribl, even after giving them an extra 24 hours to catch up.
- Some of these web sites have been terminated by hosting providers by now. Also, some of these are listed on surbl and uribl by now!.
- This batch was collected on May 31, 2008. Fresher samples will be posted here from time to time.
- For each domain listed below, we have unsolicited messages on file with those domain names used in the messages links.
- Had we spotted URIBL and SURBL an extra 1 hour instead of 24 hours, this list would be much larger. And, as mentioned earlier, surbl and uribl also catch much spam missed by the other two URI BLs, including listing URIs missed by ivmURI... so this point cuts all three ways!
- Visit these web sites at your own risk since we haven't checked them for malicious exploits.
How to access the invaluement DNSBL?
Sign up here for an evaluation.
a Domain/URI Blacklist