On 7/2/09, Petros Kolyvas pk@shiftfocus.ca wrote:
The same issue would exist with any e-mail address though. It can happen with surbl.role@gmail.com. It doesn't seem like a logical reason.
Even if they did, we'd simply get 1000s of emails one day (or even every day) saying "[x domain] is blacklisted because of [y]." No sweat off our back unless [x domain] is my domain. I could even use any number of search functions to weed through them all fairly quickly; heck even a simple shell script to parse the messages as they come in would do.
But what I was implying below is that, for the blacklist sake, the owner, administrator or technical contact be sent a message.
Given that 99.99+% of the contact info is forged or from stolen identities, that seems highly inappropriate.
I am only making these suggestions because I feel that, through no fault of our own, we've been attacked but with no defence. So in this equation the phisher wins because he's already done his work and moved on to a new server while our business suffers (without us knowing how or why.) It was iPowerWeb (of all places!) that sent a note this morning saying an address was blacklisted.
I will repeat that I am not trying to detract from such a badly needed effort. The feeling is just that it's a little heavy handed when you're on the other end.
Cracked phishing sites often stay cracked and are used for repeated phishing or other crimes such as malware infection. How would someone whose life savings had been stolen feel if the phishing site were delisted before it was actually secured and they were defrauded as a result? How do you balance these? Is it reasonable to try to make sure that the cracked sites have been secured? That seems like the responsible thing to do in these cases.