Speaking of anti-SURBL tactics, I got this turdlet today (snippet of HTML email below):
<DIV>We are giving out Free Import / Export / Wholesales/ Distributers / Retailers Contact Database</DIV> <DIV> </DIV> <DIV>If You interested Pls get at Following URL</DIV> <DIV> </DIV> <DIV><A onmouseover="window.status='http://www.impexp-data.com';return true;" onmouseout="window.status=' ';return true;" href="http://indigisys.com/chawla1/open.htm" target=_blank>Business = Database</A> </DIV> <DIV> </DIV> <DIV>Free Business / Marketing Tools ( Free SMS to All over world Unl= imited ) </DIV> <DIV><A onmouseover="window.status='http://www.impexp-data.com/sms';return true;" onmouseout="window.status=' ';return true;" href="http://indigisys.com/chawla1/open.htm" target=_blank>FREE SMS = Tools </A></DIV>
It *looks* like whoever owns indigisys.com wants to hide the fact that they're actually indigisys.com by pretending to be impexp-data.com, which doesn't exist. Does SURBL's lookup code catch this?