Using SpamCopURI, ws.surbl.org FP'ed some mail from Fedora-List.
http://dirk-wendland.deMUNGED.vu/ (a personal webpage in a sig).
WS contains deMUNGED.vu. But they're a registrar. (.vu is Vanuatu.) So
perhaps SURBL should whitelist de.vu and check at third level?
--
lundin(a)fini.net
"Not only did we get you an apple with a mouse like
you asked, we also got you a banana with a lizard."
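The third-level check suggested in the first post above, as an added example that is not part of the original messages or of any SURBL client: it reduces URI hosts to the domain that would be queried against `ws.surbl.org`, with and without `de.vu` treated as a two-level suffix. The suffix set, whitelist entry, function names and sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed, illustrative data (not SURBL's real lists): suffixes under
# which unrelated parties register names, so checks move one level down.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "de.vu"}
WHITELIST = {"example.org"}  # constructed whitelist entry


def lookup_domain(host, suffixes=TWO_LEVEL_SUFFIXES):
    """Reduce a URI host to the domain a URI blocklist is queried for."""
    labels = host.lower().rstrip(".").split(".")
    if all(label.isdigit() for label in labels):
        return None  # IP literal: out of scope for this sketch
    keep = 3 if ".".join(labels[-2:]) in suffixes else 2
    if len(labels) < keep:
        return None  # bare suffix (e.g. "de.vu") or single label: no lookup
    return ".".join(labels[-keep:])


def surbl_queries(uris, zone="ws.surbl.org", suffixes=TWO_LEVEL_SUFFIXES):
    """Return {domain: DNS query name} for every non-whitelisted domain."""
    queries = {}
    for uri in uris:
        host = urlsplit(uri).hostname
        domain = lookup_domain(host, suffixes) if host else None
        if domain and domain not in WHITELIST:
            queries[domain] = f"{domain}.{zone}"
    return queries


# Constructed sample URIs: two unrelated de.vu customers and two other sites.
SAMPLE_URIS = [
    "http://www.alice.de.vu/",
    "http://bob.de.vu/page.html",
    "http://www.example.org/news",
    "https://shop.example.com:8443/cart",
]

if __name__ == "__main__":
    print("second-level only:", sorted(surbl_queries(SAMPLE_URIS, suffixes=set())))
    print("with de.vu suffix:", sorted(surbl_queries(SAMPLE_URIS)))
```

With second-level extraction only, both customer sites collapse to `de.vu`, so one listing hits every page under the registrar; with the suffix entry each customer gets its own lookup.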
Included in an "IT World" newsletter (www.itworld.com) is the content below
that included clickaction.MUNGEDnet:
==========
<! ATTENTION!>
<! You are reading this message because your mail reader cannot display
HTML.>
<! If you would prefer to receive text messages from now on,>
<! click the link below or copy it into a web browser.>
<!
https://secure.clickaction.MUNGEDnet/ClickAction?func=S_TurnOffHtml&partnam…
==========
It was tagged by both WS and DS. Should this domain be whitelisted and/or
removed from these SURBLs?
Bill
Finally. I've been taunting you poor folks for weeks, now. :-)
Here it is:
http://ry.ca/geturi/ -- geturi v1.4
From the DESCRIPTION:
geturi is designed to process a directory containing a list of RFC822
messages (one message per file). It analyses each message, attempts to
strip out as many unclickable URIs as possible, and then compiles the
list of found URIs, putting HTML output on STDOUT.
What I'd *like* to see are a bunch of people using this, and some
suggestions for improvement (I already have quite a few, some of which
are in the TODO section of the documentation). I'd call this alpha code
at the moment, for want of testers, but I don't know of any huge bugs.
Feedback more than welcome!
- Ryan
--
Ryan Thompson <ryan(a)sasknow.com>
SaskNow Technologies - http://www.sasknow.com
901-1st Avenue North - Saskatoon, SK - S7K 1Y4
Tel: 306-664-3600 Fax: 306-244-7037 Saskatoon
Toll-Free: 877-727-5669 (877-SASKNOW) North America
We've had a request to whitelist rm04.net and rm02.net.
Does anyone know anything about them? They seem to belong to:
> SilverPOP Systems
> (DOM-151479)
> 200 Galleria Parkway
> Suite 750 Atlanta
> GA
> 30339 US
And reportedly appeared in a newsletter belonging to:
Altiris http://www.altiris.com
Comments?
Jeff C.
Found a citibank phish that used a redirect thru go.msn.com to
'zach.com.previewmysite.com' (see attached message).
Is previewmysite.com guilty or an innocent open site that is being
exploited?
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
I kind of keep tabs on these guys from time to time, since they had started
using SARE rules in their commercial product. Looks like their new version
will support SURBL. Jeff, you might want to drop them a "Hey there!" email.
http://www.omni-ts.com/Forum/ShowPost.aspx?PostID=2913
Chris Santerre
System Admin and SARE Ninja
http://www.rulesemporium.com http://www.surbl.org
'It is not the strongest of the species that survives,
not the most intelligent, but the one most responsive to change.'
Charles Darwin
Got some more FPs from someone who wanted to be anonymous.
These are on WS:
Date: Saturday, August 21, 2004, 12:37:45 PM
Subject: fps
bridgetrack.com (used by nytimes.com)
elabs.com (EASTERN LABORATORIES INC.)
mfcreative.com (ancestry.com/myfamily.com/rootsweb.com, Genealogy ad)
secureserver.net (in message containing godaddy.com)
dnews.com (Moscow-Pullman Daily News)
spinpalace.com (appeared in xe.com currency update mailing list)
I'd like some help deciding on these, though they look legitimate
to me.
We may need to develop a more formal procedure for handling FP
reports.... Any suggestions or implementations would be
welcomed. Maybe something like a trouble ticket system would
be useful.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
Can I get some research help in deciding which of the
following FPs to whitelist?
> Date: Sat, 21 Aug 2004 10:06:57 -0400
> From: John Lundin <lundin(a)cavtel.net>
> To: SURBL Discussion list <discuss(a)lists.surbl.org>
> Subject: [SURBL-Discuss] more possible FPs (2 OB, 4 WS and 2 DS)
> Eight possible FPs. These were taken from items reported as non-spam.
> The "nanas" number is raw matches on the domain from google groups.
> Use your own judgement...
>
> OB: www.mercenariesthegameMUNGED.com (nanas 0)
> mentioned in a lucasarts review
>
> OB: www.jmiequityMUNGED.com (nanas 0)
> mentioned in a Dow Jones newsletter
> The original wasn't caught by OB, but it shows up now.
>
> WS: Wireless.VentureReporterMUNGED.net (nanas 9) A stock newsletter.
> I checked back: it really had been subscribed to.
>
> WS: nmailerMUNGED.com (nanas 36) Design center newsletter.
> http://ellington.nmailerMUNGED.com/mailman/listinfo/dtgnews
>
> WS: www.imakenewsMUNGED.com (nanas 42) organization newsletter.
> http://www.imakenewsMUNGED.com/cabf/ (+ cleaned user tracking)
> imakenews makes me nervous... intrusive html.
>
> WS: ntcrMUNGED.us (nanas 43, some similar) Jupitermedia Web Events.
> (origin of mailing list -- appearance in unsubscribe disclaimer)
> (Site won't display for me, insufficiently motivated to find out why
> it said "Your Web browser must have cookies enabled" regardless.)
(DS hits ignored)
> Date: Saturday, August 21, 2004, 12:37:45 PM
> Subject: fps
>
> bridgetrack.com (used by nytimes.com)
> elabs.com (EASTERN LABORATORIES INC.)
> mfcreative.com (ancestry.com/myfamily.com/rootsweb.com, Genealogy ad)
> secureserver.net (in message containing godaddy.com)
> dnews.com (Moscow-Pullman Daily News)
>
> spinpalace.com (appeared in xe.com currency update mailing list)
Jeff C.
Several of our customers subscribe to a newsletter from www.golfonline.com.
This last one contained a link to www.bullysports.com, which is listed on
WS. Seems like a legit site, so I just wanted to pass it by all of you to
see if it should be whitelisted and/or removed from WS.
Bill
I would REMOVE spinpalace only. Do not whitelist. Place on watch list. I
agree with your other whitelists.
>-----Original Message-----
>From: Jeff Chan [mailto:jeffc@surbl.org]
>Sent: Monday, August 23, 2004 4:53 AM
>To: SURBL Discuss
>Cc: postmaster(a)outblaze.com
>Subject: Re: [SURBL-Discuss] FP help please
>
>
>On Sunday, August 22, 2004, 10:18:03 PM, Jeff Chan wrote:
>> Can I get some research help in deciding which of the
>> following FPs to whitelist?
>
>OK I did some of my own research and whitelisted most of
>these:
>
>>> Date: Sat, 21 Aug 2004 10:06:57 -0400
>>> From: John Lundin <lundin(a)cavtel.net>
>>> To: SURBL Discussion list <discuss(a)lists.surbl.org>
>>> Subject: [SURBL-Discuss] more possible FPs (2 OB, 4 WS and 2 DS)
>
>>> Eight possible FPs. These were taken from items reported as
>non-spam.
>>> The "nanas" number is raw matches on the domain from google groups.
>>> Use your own judgement...
>>>
>>> OB: www.mercenariesthegameMUNGED.com (nanas 0)
>>> mentioned in a lucasarts review
>
>Apparently a LucasArts game. Lucas are probably not
>spammers. Whitelisting:
>
>thx.com
>lucasfilm.com
>lucasarts.com
>mercenariesthegame.com
>
>>> OB: www.jmiequityMUNGED.com (nanas 0)
>>> mentioned in a Dow Jones newsletter
>>> The original wasn't caught by OB, but it shows up now.
>
>A stock fund of an investment company whose original domain
>was registered in 1995. Probably not spammers. Whitelisting:
>
>jmi-inc.com
>jmiequity.com
>
>>> WS: Wireless.VentureReporterMUNGED.net (nanas 9) A stock newsletter.
>>> I checked back: it really had been subscribed to.
>
>Belongs to Dow Jones. Unlikely to be spammers. Whitelisting:
>
>dowjones.com
>siliconalleydaily.com
>venturereporter.net
>
>>> WS: nmailerMUNGED.com (nanas 36) Design center newsletter.
>>> http://ellington.nmailerMUNGED.com/mailman/listinfo/dtgnews
>
>Belongs to graphics design folks with a 1995 domain registration.
>Whitelisting:
>
>graphic-design.com
>graphic-design.net
>nmailer.com
>
>>> WS: www.imakenewsMUNGED.com (nanas 42) organization newsletter.
>>> http://www.imakenewsMUNGED.com/cabf/ (+ cleaned user tracking)
>>> imakenews makes me nervous... intrusive html.
>
>Whitelisting; 1999 registration:
>
>imakenews.com
>
>>> WS: ntcrMUNGED.us (nanas 43, some similar) Jupitermedia Web Events.
>>> (origin of mailing list -- appearance in unsubscribe disclaimer)
>>> (Site won't display for me, insufficiently motivated to
>find out why
>>> it said "Your Web browser must have cookies enabled" regardless.)
>
>Belongs to netcreations.com. Are they a spamhaus?
>
>
>> DS: surveyhelp.harrispollonlineMUNGED.com (nanas 19)
>> http://www.harrispollonlineMUNGED.com/sweeps.asp
>> (sigh) yes, they subscribed to it.
>
>Legitimate pollsters. Whitelisting:
>
>harrisinteractive.com
>harrispollonline.com
>
>> DS: www.winxpnewsMUNGED.com (nanas 42)
>> http://www.winxpnewsMUNGED.com/issues.cfm
>> Single reference in a tech newsletter...
>
>Looks like a legitimate tech newsletter. Whitelisting:
>
>winxpnews.com
>
>
>
>The next domains were in WS:
>
>>> Date: Saturday, August 21, 2004, 12:37:45 PM
>>> Subject: fps
>>>
>>> bridgetrack.com (used by nytimes.com)
>
>Looks like a legitimate web tracking operation. Whitelisting:
>
>planninggroup.com
>bridgetrack.com
>
>Some of their tracking image URIs may have appeared in spams
>but it's probably from citi phishers copying them from real
>messages.
>
>Comments?
>
>>> elabs.com (EASTERN LABORATORIES INC.)
>
>1995 registration, whitelisting:
>
>elabs.com
>
>>> mfcreative.com (ancestry.com/myfamily.com/rootsweb.com,
>Genealogy ad)
>
>Looks legit. Whitelisting:
>
>myfamily.net
>myfamilyinc.com
>mfcreative.com
>
>>> secureserver.net (in message containing godaddy.com)
>
>Used by legitimate registrars like dotster and godaddy.
>Whitelisting:
>
>secureserver.net
>securepaynet.net
>
>>> dnews.com (Moscow-Pullman Daily News)
>
>Small local newspaper in Idaho. Probably not a major spammer.
>Whitelisting:
>
>dnews.com
>
>>> spinpalace.com (appeared in xe.com currency update mailing list)
>
>Online casino. Appears in marginally spammy places. Does anyone
>have any info about them?
>
>
>It would be nice to distribute some of the work of checking
>FPs in future.
>
>
>WS and OB folks may want to remove some of these ones from their
>respective lists, and/or share their research with us.
>
>Jeff C.