On Thursday, August 12, 2004, 9:17:29 AM, Rob McEwen wrote:
Chris said:
I'm confused. (Theres a first!) SURBL only check the body for URLs. How did the message-ID get hit?
Its simply an issue where someone's implementation of SURBL provided the option of extracting domains out of either (1) the header, and/or (2) the client's IP address, and/or (3) the body of the e-mail. Any combination was possible/configurable. The "default" setting was to use all three.
The following is the software package that I am using for SURBL filtering:
I chose this because it works well with my Merak IceWarp webmail software I have running on Windows 2000 server.
The guy who wrote this is very smart. Because he uses the filter for himself and didn't have to worry about "clients", he was very aggressive with his default settings both for SURBL and for other linguistic aspects of his filter. Just about everyone using it has had to contend with having to "loosen" it in a number of ways to prevent false positives for their clients... but this was a small price to pay for a well designed and FREE software package.
FWIW I am in contact with the author and he's somewhat redesigning his use of SURBLs. Hopefully the results will be more in-line with how we expect them to be used, especially in an ISP context.
Jeff C.