On Tuesday, April 13, 2004, 8:58:30 AM, William Stearns wrote:
On Tue, 13 Apr 2004, Charles Solomon wrote:
One more question. Since both lists contain the same domains, and this list is now published at ws.surbl.org, couldn't I implement something like the following in addition to the SpamCopURI to get the benefits of SA-Blacklist in the FROM headers?
header RCVD_IN_WSSURBL eval:check_rbl('ws.surbl.org', '127.0.0.2') describe RCVD_IN_SORBS WS-SURBL: sender is listed in ws.surbl.org tflags RCVD_IN_SORBS net
I honestly don't know the answer to that. Does anyone know if
that will successfully check the sender domain?
The code that's using SURBLs generally should only be looking at message bodies, so it should only match on spam domains in the message body URIs and not header info.
That said, since Bill's data which ends up in ws has some sender domains in it, using ws.surbl.org in conventional RBL code that looks at message headers such as sender domain may get some matches.
However attempting to match sender domains would give far fewer (near zero) hits with sc.surbl.org whose source data comes from message bodies only.
In other words we're trying to use SURBLs on message body URIs and not against message headers, which would be more like using a regular RBL. As I understand it Bill is also focusing on adding URI domains to his list lately, which is a good match for the intended use of SURBLs.
Hope this helps,
Jeff C.