Discuss

discuss@lists.surbl.org

1 participants
1864 discussions

Re: [SURBL-Discuss] Hello SURBL discussion board!
by Michele Neylon :: Blacknight 04 Apr '13

04 Apr '13

Ryan It's a mailing list not a discussion forum .. Anyway .. this isn't really the place where you're going to get answers on specific issues .. Regards Michele -- Mr Michele Neylon Blacknight Solutions Hosting & Colocation, Brand Protection http://www.blacknight.com/ http://blog.blacknight.com/ http://mneylon.tel/ Intl. +353 (0) 59 9183072 Locall: 1850 929 929 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 1 4811 763 Twitter: http://twitter.com/mneylon ------------------------------- Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty Road,Graiguecullen,Carlow,Ireland Company No.: 370845 ________________________________________ From: Ryan Harris [ryan(a)sendgrid.com] Sent: 03 April 2013 16:15 To: discuss(a)lists.surbl.org Subject: [SURBL-Discuss] Hello SURBL discussion board! Hello, Thank you for having me on your discussion forum. SendGrid monitors outgoing links and checks with SURBL listings. We noticed yesterday several emails being flagged because emailonacid.com was listed by SURBL. I wanted to inquire about this and to hopefully gain some insight on why this domain was listed. Is there anything that SendGrid should be concerned about in regards to emailonacid.com. Today I don't see emails with this link being flagged, has the initial issue been resolved with emailonacid.com? Thank you for your time and your help. Ryan Harris Lead Abuse Engineer _______________________________________________ Discuss mailing list Discuss(a)lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss

5 5

Re: [SURBL-Discuss] Heads-up: m.surbl.org
by Steve Freegard 14 Mar '13

14 Mar '13

Hi Jeff, On 14/03/13 12:36, Jeff Chan wrote: > > Thanks much Steve, > I can duplicate the results, but it's actually for m4.surbl.org and > related nameservers. We've undelegated those until they can be fixed. > > Just got another report of this: [root@mx1 ~]# host -a msft.net.multi.surbl.org m.surbl.org. Trying "msft.net.multi.surbl.org" Using domain server: Name: m.surbl.org. Address: 216.143.70.135#53 Aliases: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31832 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;msft.net.multi.surbl.org. IN ANY ;; ANSWER SECTION: msft.net.multi.surbl.org. 180 IN A 127.0.0.4 msft.net.multi.surbl.org. 180 IN TXT "on lists [jp], See: http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http:// http://www" Received 325 bytes from 216.143.70.135#53 in 46 ms I'm still seeing m.surbl.org in the NS list - I also note that the TTL means that it would take 24 hours for a change to be reflected anyway: [root@mx1 ~]# dig +trace multi.surbl.org ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> +trace multi.surbl.org ;; global options: printcmd . 6936 IN NS b.root-servers.net. . 6936 IN NS c.root-servers.net. . 6936 IN NS d.root-servers.net. . 6936 IN NS e.root-servers.net. . 6936 IN NS f.root-servers.net. . 6936 IN NS g.root-servers.net. . 6936 IN NS h.root-servers.net. . 6936 IN NS i.root-servers.net. . 6936 IN NS j.root-servers.net. . 6936 IN NS k.root-servers.net. . 6936 IN NS l.root-servers.net. . 6936 IN NS m.root-servers.net. . 6936 IN NS a.root-servers.net. ;; Received 332 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms org. 172800 IN NS b2.org.afilias-nst.org. org. 172800 IN NS d0.org.afilias-nst.org. org. 172800 IN NS b0.org.afilias-nst.org. org. 172800 IN NS a0.org.afilias-nst.info. org. 172800 IN NS a2.org.afilias-nst.info. org. 172800 IN NS c0.org.afilias-nst.info. ;; Received 435 bytes from 192.228.79.201#53(b.root-servers.net) in 43 ms surbl.org. 86400 IN NS ns100.surbl.org. surbl.org. 86400 IN NS ns101.surbl.org. surbl.org. 86400 IN NS ns200.surbl.org. surbl.org. 86400 IN NS ns201.surbl.org. surbl.org. 86400 IN NS ns300.surbl.org. surbl.org. 86400 IN NS ns301.surbl.org. surbl.org. 86400 IN NS ns302.surbl.org. ;; Received 341 bytes from 199.249.120.1#53(b2.org.afilias-nst.org) in 23 ms multi.surbl.org. 86400 IN NS l.surbl.org. multi.surbl.org. 86400 IN NS h.surbl.org. multi.surbl.org. 86400 IN NS b.surbl.org. multi.surbl.org. 86400 IN NS c.surbl.org. multi.surbl.org. 86400 IN NS k.surbl.org. multi.surbl.org. 86400 IN NS f.surbl.org. multi.surbl.org. 86400 IN NS a.surbl.org. multi.surbl.org. 86400 IN NS i.surbl.org. multi.surbl.org. 86400 IN NS n.surbl.org. multi.surbl.org. 86400 IN NS g.surbl.org. multi.surbl.org. 86400 IN NS m.surbl.org. multi.surbl.org. 86400 IN NS j.surbl.org. multi.surbl.org. 86400 IN NS e.surbl.org. multi.surbl.org. 86400 IN NS d.surbl.org. ;; Received 481 bytes from 94.228.131.210#53(ns100.surbl.org) in 123 ms multi.surbl.org. 180 IN SOA dev.null. zone.surbl.org. 1363274558 180 180 604800 180 ;; Received 82 bytes from 211.29.132.122#53(l.surbl.org) in 190 ms I also notice the zone serial is different across some of the mirrors (not sure if this is normal or not): [root@mx1 ~]# for i in `echo a b c d e f g h i j k l m n`; do echo -en "$i.surbl.org: "; host -t SOA multi.surbl.org $i.surbl.org | tail -n1; done a.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275315 180 180 604800 180 b.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275171 180 180 604800 180 c.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275139 180 180 604800 180 d.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275315 180 180 604800 180 e.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275315 180 180 604800 180 f.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275139 180 180 604800 180 g.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275171 180 180 604800 180 h.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275171 180 180 604800 180 i.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275171 180 180 604800 180 j.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275139 180 180 604800 180 k.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275105 180 180 604800 180 l.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275139 180 180 604800 180 m.surbl.org: Host multi.surbl.org not found: 5(REFUSED) n.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. 1363275171 180 180 604800 180 Cheers, Steve.

2 2

Re: [SURBL-Discuss] Heads-up: m.surbl.org
by Steve Freegard 14 Mar '13

14 Mar '13

Jeff, After I hit send on the last message - I suddenly realised what you meant by m4.surbl.org: [root@mx1 ~]# host m.surbl.org m.surbl.org has address 64.73.0.23 m.surbl.org has address 64.73.128.55 m.surbl.org has address 188.40.23.68 m.surbl.org has address 216.143.70.135 m4 being the 4th host 216.143.70.135 and I can see it's no longer being sent: [root@mx1 ~]# host m.surbl.org ns100.surbl.org Using domain server: Name: ns100.surbl.org Address: 94.228.131.210#53 Aliases: m.surbl.org has address 188.40.23.68 m.surbl.org has address 64.73.0.23 m.surbl.org has address 64.73.128.55 But it's still in my cache due to the 1 day TTL on the record, so I've had to restart the cache to prevent the false positives. Sorry for the noise. Cheers, Steve. On 14/03/13 15:39, Steve Freegard wrote: > Hi Jeff, > > On 14/03/13 12:36, Jeff Chan wrote: >> >> Thanks much Steve, >> I can duplicate the results, but it's actually for m4.surbl.org and >> related nameservers. We've undelegated those until they can be fixed. >> >> > > Just got another report of this: > > [root@mx1 ~]# host -a msft.net.multi.surbl.org m.surbl.org. > Trying "msft.net.multi.surbl.org" > Using domain server: > Name: m.surbl.org. > Address: 216.143.70.135#53 > Aliases: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31832 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;msft.net.multi.surbl.org. IN ANY > > ;; ANSWER SECTION: > msft.net.multi.surbl.org. 180 IN A 127.0.0.4 > msft.net.multi.surbl.org. 180 IN TXT "on lists [jp], See: > http:// http:// http:// http:// http:// http:// http:// http:// > http:// http:// http:// http:// http:// http:// http:// http:// > http:// http:// http:// http:// http:// http:// http:// http:// > http:// http:// http:// http:// http://www" > > Received 325 bytes from 216.143.70.135#53 in 46 ms > > I'm still seeing m.surbl.org in the NS list - I also note that the TTL > means that it would take 24 hours for a change to be reflected anyway: > > [root@mx1 ~]# dig +trace multi.surbl.org > > ; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> +trace > multi.surbl.org > ;; global options: printcmd > . 6936 IN NS b.root-servers.net. > . 6936 IN NS c.root-servers.net. > . 6936 IN NS d.root-servers.net. > . 6936 IN NS e.root-servers.net. > . 6936 IN NS f.root-servers.net. > . 6936 IN NS g.root-servers.net. > . 6936 IN NS h.root-servers.net. > . 6936 IN NS i.root-servers.net. > . 6936 IN NS j.root-servers.net. > . 6936 IN NS k.root-servers.net. > . 6936 IN NS l.root-servers.net. > . 6936 IN NS m.root-servers.net. > . 6936 IN NS a.root-servers.net. > ;; Received 332 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms > > org. 172800 IN NS b2.org.afilias-nst.org. > org. 172800 IN NS d0.org.afilias-nst.org. > org. 172800 IN NS b0.org.afilias-nst.org. > org. 172800 IN NS a0.org.afilias-nst.info. > org. 172800 IN NS a2.org.afilias-nst.info. > org. 172800 IN NS c0.org.afilias-nst.info. > ;; Received 435 bytes from 192.228.79.201#53(b.root-servers.net) in 43 ms > > surbl.org. 86400 IN NS ns100.surbl.org. > surbl.org. 86400 IN NS ns101.surbl.org. > surbl.org. 86400 IN NS ns200.surbl.org. > surbl.org. 86400 IN NS ns201.surbl.org. > surbl.org. 86400 IN NS ns300.surbl.org. > surbl.org. 86400 IN NS ns301.surbl.org. > surbl.org. 86400 IN NS ns302.surbl.org. > ;; Received 341 bytes from 199.249.120.1#53(b2.org.afilias-nst.org) in > 23 ms > > multi.surbl.org. 86400 IN NS l.surbl.org. > multi.surbl.org. 86400 IN NS h.surbl.org. > multi.surbl.org. 86400 IN NS b.surbl.org. > multi.surbl.org. 86400 IN NS c.surbl.org. > multi.surbl.org. 86400 IN NS k.surbl.org. > multi.surbl.org. 86400 IN NS f.surbl.org. > multi.surbl.org. 86400 IN NS a.surbl.org. > multi.surbl.org. 86400 IN NS i.surbl.org. > multi.surbl.org. 86400 IN NS n.surbl.org. > multi.surbl.org. 86400 IN NS g.surbl.org. > multi.surbl.org. 86400 IN NS m.surbl.org. > multi.surbl.org. 86400 IN NS j.surbl.org. > multi.surbl.org. 86400 IN NS e.surbl.org. > multi.surbl.org. 86400 IN NS d.surbl.org. > ;; Received 481 bytes from 94.228.131.210#53(ns100.surbl.org) in 123 ms > > multi.surbl.org. 180 IN SOA dev.null. zone.surbl.org. > 1363274558 180 180 604800 180 > ;; Received 82 bytes from 211.29.132.122#53(l.surbl.org) in 190 ms > > I also notice the zone serial is different across some of the mirrors > (not sure if this is normal or not): > > [root@mx1 ~]# for i in `echo a b c d e f g h i j k l m n`; do echo > -en "$i.surbl.org: "; host -t SOA multi.surbl.org $i.surbl.org | tail > -n1; done > a.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275315 180 180 604800 180 > b.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275171 180 180 604800 180 > c.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275139 180 180 604800 180 > d.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275315 180 180 604800 180 > e.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275315 180 180 604800 180 > f.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275139 180 180 604800 180 > g.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275171 180 180 604800 180 > h.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275171 180 180 604800 180 > i.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275171 180 180 604800 180 > j.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275139 180 180 604800 180 > k.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275105 180 180 604800 180 > l.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275139 180 180 604800 180 > m.surbl.org: Host multi.surbl.org not found: 5(REFUSED) > n.surbl.org: multi.surbl.org has SOA record dev.null. zone.surbl.org. > 1363275171 180 180 604800 180 > > Cheers, > Steve.

1 0

Heads-up: m.surbl.org
by Steve Freegard 14 Mar '13

14 Mar '13

Quick heads up for the admins here - m.surbl.org mirror appears to serving incorrect data: [root@mx1 ~]# host -t TXT com.multi.surbl.org a.surbl.org Using domain server: Name: a.surbl.org Address: 208.201.249.252#53 Aliases: Host com.multi.surbl.org not found: 3(NXDOMAIN) [root@mx1 ~]# host -t TXT com.multi.surbl.org m.surbl.org Using domain server: Name: m.surbl.org Address: 216.143.70.135#53 Aliases: com.multi.surbl.org descriptive text "Blocked, allmydomain . com on lists [jp], See: http://www.surbl.org/lists.html" com.multi.surbl.org descriptive text "Blocked, carlosmake . com on lists [ws], See: http://www.surbl.org/lists.html" com.multi.surbl.org descriptive text "on lists [ws], See: http://www.surbl.org/lists.html" Cheers, Steve.

2 1

Yahoo Single-Link spam
by Dan Mahoney, System Admin 11 Mar '13

11 Mar '13

Hey all, I'm getting a lot of single-link spam from Yahoo -- seems to be via compromised accounts, mostly (as in, via an account that my address would be in the addressbook of). It's coming through legitimately via the Yahoo servers, with DKIM signatures intact and all. As the message body is purely a link (at least, the text-plain portion is), this is an ideal job for SURBL and pretty hard for most other content matching. One such example (spaces added by me): http://dark turn ip.com/sxduvb/dgemdczfcmc/lzuc.php Yahoo seem to be absolutely braindead about spam reporting on these compromised accounts. So much so that I wrote a blog about it: http://gushi.livejournal.com/588829.html I could easily create a SpamAssassin or Procmail rule to block these messages, but I think it makes sense to make better use of this data. I often report things that get through SpamAssassin to SpamCop, which I understand feeds SURBL, but as SpamCop has to wait for me to go hit their webpage, this introduces a lag that need not be present, ergo I'm happy to feed traps directly from my system procmailrc -- where I have a couple hundred friends-and-family domains. Anyone interested? -Dan -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------

1 0

Inquiry regarding pabular.com
by Klaus Byskov Hoffmann 14 Dec '12

14 Dec '12

Hi surbl, I have an inquiry regarding my domain pabular.com. I don't know if this is the right place to ask, so bare with me if this is off topic. I recently launched a website on the domain pabular.com, and it was brought to my attention that my site has a very low Web Of Trust (WOT) score. Upon visiting the WOT website I could see that my site had been added to the SURBL Outblast URI blacklist, on October 6. 2012. So I went to the surbl.orgwebsite and made a lookup of the domain, only to find that the domain is not blacklisted. So I have the following questions: 1) I have never hosted any malware, and the only http server the domain has ever pointed to in the years I have owned it, are the google app engine servers. I don't remember the exact date when I set up DNS to point to the google app engine servers, but it might have been around October 6. Is it a known issue that domains pointing to google app engine servers are blacklisted for hosting malware? 2) WOT tell me that they update so-called scorecard within 24 hours of being notified about a removal from a list. This has not happened for my domain, so I'm interested in knowing when my domain was removed from the Outblast URI blacklist. Thank you for any information you can provide on this issue. Kind regards, Klaus Byskov Hoffmann

2 1

Re: [SURBL-Discuss] (no subject)
by Simon Kokis 19 Nov '12

19 Nov '12

http://remda.org/page_facebook.php?j=d5a4h8b8l0

1 0

URL Shortener Abuse Data
by Ron Guerin 23 Mar '12

23 Mar '12

I am making this available in the event it is interesting or useful to someone. It is a really rough first effort, and I expect to do something more useful with it as time goes on. With the caveat that this should be considered "experimental data", I have finally begun to publish some abuse data. This data is presently re-generated hourly. http://tighturl.com/tighturl-abuse-ips.csv http://tighturl.com/tighturl-abuse-domains.csv The IP addresses are those that have submitted URLs that have been banned at tighturl.com within the last 7 days. They are in the format: unixtimestamp,IPv4address The domains are base domains[1] that have been banned from tighturl.com or have been submitted by currently banned IP addresses within the last 7 days. They are in the format: unixtimestamp,basedomain I have not found over time that an IP address that submits abuse also submits non-abuse. I'm interested in comments or suggestions. - Ron [1] Based upon http://www.surbl.org/tld/two-level-tlds and http://www.surbl.org/tld/three-level-tlds

2 2

rbldnsd & IPv6?
by Dave Funk 17 Feb '12

17 Feb '12

Anybody have experience running rbldnsd (serving surbl zones) on IPv6 addresses? Clearly the data -in- the zones are IPv4 values but the servers can communicate using IPv6 addresses. I'm in the process of a general config refresh & IPv6 deployment and noticed that the surbl dns servers lists that my copies are in (a.surb.org & b.surbl.org) only contain IPv4 addrs (A records), no AAAA records. So is this just inertial or is there a reason for not listing IPv6 addrs for rbldnsd servers? I did a local test with rbldnsd-0.996b on SLES11-SP1 and it seems to run/answer on IPv6 just fine. Dave -- Dave Funk University of Iowa <dbfunk (at) engineering.uiowa.edu> College of Engineering 319/335-5751 FAX: 319/384-0549 1256 Seamans Center Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527 #include <std_disclaimer.h> Better is not better, 'standard' is better. B{

4 4

Removal request from WS blacklist
by Informes 31 Aug '11

31 Aug '11

Hi, We've just submitted a removal request for our domain aldaniti.net using lookup page in surbl.com. We send an email with all the information about our company and we explain that we do e-mail marketing actively for those who previously agreed and accepted to receive this kind of e-mail. But our domain is still in the blacklist. Is there anyway to know why are we being listed in ws.surbl.org blacklist? How long will it take for our domain to be removed from the list? In case we will be delisted, will there be any email notification? Regards, Aldaniti Team.

3 2

← Newer
1
2
3
4
5
6
7
...
187
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss