Steven Champeon wrote:
on Thu, Jul 08, 2004 at 03:17:52PM -0400, Chris Santerre wrote:
Good grief. Let me say this slowly....
SURBL is for domains in LINKS, URLS, websites, images, things you click on, images hosted in the email.
SURBL is NOT, will never be used, doesn't care, /dev/null's, any domain or IP the email came from.
Well, I for one won't be sending any more domains along if I have to also distinguish between the domains I happened to find in email bodies from those I happened to find in message headers. Sorry. The overlap is far too great, as for example in a recent message I got (summarized):
Received: from mx51.AfClawFrog1.us (mx51.afclawfrog1.us [216.162.182.51]) Subject: [Target-removed] Free Break-In & Fire Protection System Message-ID: wfbzwsbunaxhmuetqnef@mx51.AfClawFrog1.us
[text part with a snippet of fictional text]
[html part containing several links to
<a href="http://medium.AfClawFrog1.us?id=%5Bsnipped long hash id]
I would suggest that as long as the link is used in the body, you are good for submitting it to surbl. I believe Chris is implying links only found in headers are unusable for surbl never checks the headers.
<img src="http://images.AfClawFrog1.us/images/HomeSecurityProfessionals2_r1_c1.gif ]
I ran a rDNS scan on the netblock and found another 40+ domains all of the same type. As they are found in both the body and the message headers, I want to be able to block all future mail rather than archiving it; which I can do from sendmail. SURBL just lets me filter after acceptance.
Sorry, I don't have time to deal with the distinction. Because for me, for the most part, there quite simply is no distinction.