We have been having an increase in the number of phishing messages that slip through our antispam solution. We currently use Can-IT, which includes an instance of SpamAssassin which has active scanning on for SURBL.
We recognize that no current solution is going to be 100% effective - however, one of the most recent phishing messages that got through was for a link which appeared to already be in phishtank.com data (see http://www.phishtank.com/phish_detail.php?phish_id=1068849).
We had been working to see if we could incorporate phishtank.com data in the Can-IT environment to add one more source of blocks for these messages to plug some more holes when we noticed per http://www.phishtank.com/friends.php that SURBL appeared to already be listed as using (in some way) phishtank data.
We presumed that http://www.surbl.org/lists.html#ph probably used it - but tests seem to have test messages with that URL receiving no points inbound.
Further testing on the SURBL lookup returned that w3t.org wasn't listed (which makes sense, as the underlying URL above is a shortener, so it's only the extended URL that is listed in phishtank and worth flagging on) - does SURBL only accept root domains for listing?
Basically we're just trying to figure out if this is a config error on our part or a misunderstanding on our part of how SURBL uses phishtank.com data and/or classifies reported phishing sites and subdirectories in the first place.
Thanks in advance for any insight!
Ken Johnson
Information Technology
LeTourneau University
Hello,
My domain is Sandestin.com. We are having some issues of our emails being blocked as spam. The message is 552 tin.com found in SURBL: Blocked, tin.com on lists [ws], See: http://www.surbl.org/lists.html. My domain isn't on the lookup but tin.com. Where do you think this issue lies? Is it SURBL or the spam filtering that is using SURBL?
David Fletcher
I.T. Dept
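
Added example, not part of either post and not SURBL, SpamAssassin or Can-IT code: a sketch of how a domain-based URI list lookup name is derived from a URL. It shows that a shortener link is checked as w3t.org (the path and the expanded target never enter the query) and that sandestin.com and tin.com are distinct names when compared on label boundaries. The suffix set, sample URLs and all function names are constructed for illustration; the plain suffix comparison is a hypothetical filter bug, not a diagnosis of the second post.

```python
import ipaddress
from urllib.parse import urlsplit

SURBL_ZONE = "multi.surbl.org"            # SURBL's combined DNS zone
# Constructed, tiny sample; a real filter loads full two-level-TLD data.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au"}


def registered_domain(url_or_host):
    """Reduce a URL or bare hostname to the domain a domain-based list is keyed on."""
    text = url_or_host if "//" in url_or_host else "//" + url_or_host
    host = (urlsplit(text).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)        # IP literals are handled differently
        return None                       # and are out of scope for this sketch
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2 or "" in labels:
        return None
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def surbl_query_name(url_or_host):
    """DNS name a client would look up; path and query string are discarded."""
    domain = registered_domain(url_or_host)
    return f"{domain}.{SURBL_ZONE}" if domain else None


def is_same_or_subdomain(host, listed):
    """Correct comparison: match whole labels only."""
    host, listed = host.lower().rstrip("."), listed.lower().rstrip(".")
    return host == listed or host.endswith("." + listed)


def naive_suffix_match(host, listed):
    """Hypothetical broken comparison: plain string suffix, ignores label boundaries."""
    return host.lower().endswith(listed.lower())


if __name__ == "__main__":
    # Constructed sample inputs.
    print(surbl_query_name("http://w3t.org/EXAMPLE"))
    print(surbl_query_name("http://www.Sandestin.com/offers"))
    print(is_same_or_subdomain("sandestin.com", "tin.com"),
          naive_suffix_match("sandestin.com", "tin.com"))
```

Comparing the name printed for a message's URL against the name shown in the rejection text is a quick way to tell whether the list or the filter's domain extraction is responsible for a hit.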