-----Original Message-----
From: Rob McEwen [mailto:rob@pvsys.com]
Sent: Thursday, August 12, 2004 12:17 PM
To: 'Chris Santerre'; 'SURBL Discussion list'
Subject: RE: [SURBL-Discuss] RE: (1) Another Possible FP, and (2) header parsing issues
Importance: High
Chris said:
I'm confused. (There's a first!) SURBL only checks the body for URLs. How did the message-ID get hit?
It's simply an issue where someone's implementation of SURBL provided the option of extracting domains out of either (1) the header, and/or (2) the client's IP address, and/or (3) the body of the e-mail. Any combination was possible/configurable. The "default" setting was to use all three.
The following is the software package that I am using for SURBL filtering:
http://www.2150.com/regexfilter/
I chose this because it works well with my Merak IceWarp webmail software I have running on Windows 2000 server.
The guy who wrote this is very smart. Because he uses the filter for himself and didn't have to worry about "clients", he was very aggressive with his default settings both for SURBL and for other linguistic aspects of his filter. Just about everyone using it has had to contend with having to "loosen" it in a number of ways to prevent false positives for their clients... but this was a small price to pay for a well-designed and FREE software package.
Ah now I see. I would strongly say to NOT use SURBL on headers. Too many faked headers.
--Chris (Beer me!)
On Thursday, August 12, 2004, 10:50:53 AM, Chris Santerre wrote:
Ah now I see. I would strongly say to NOT use SURBL on headers. Too many faked headers.
Agreed. The possibility for mistakes is higher if SURBLs are used on headers. In contrast, forging URLs doesn't make much sense for spammers to do.
Jeff C.
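
An added example, not part of the thread and not the code of the filter Rob mentions: a Python sketch of how scanning headers yields a SURBL hit (here via the Message-ID) that a body-only check would not produce. The sample message, the `fake_lookup` stand-in for the DNS query, and the two-label domain reduction are assumptions; `multi.surbl.org` is SURBL's combined list zone.

```python
import re
from email import message_from_string

SURBL_ZONE = "multi.surbl.org"  # SURBL's combined list zone
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)
URL_RE = re.compile(r"https?://([a-z0-9.-]+)", re.I)

def registered_domain(host):
    # Assumption: keep the last two labels; a real filter needs a ccTLD table.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def body_domains(msg):
    """Domains taken only from URLs in the body, the data SURBL is built for."""
    return {registered_domain(h) for h in URL_RE.findall(msg.get_payload())}

def header_domains(msg):
    """Domains scraped from every header value (the aggressive setting)."""
    found = set()
    for _, value in msg.items():
        found.update(registered_domain(h) for h in HOST_RE.findall(value))
    return found

def surbl_hits(domains, is_listed):
    """Map each listed domain to the DNS name that was queried for it."""
    names = {d: f"{d}.{SURBL_ZONE}" for d in sorted(domains)}
    return {d: q for d, q in names.items() if is_listed(q)}

def scan(raw, is_listed):
    """Return (body-only hits, header hits) for one raw message."""
    msg = message_from_string(raw)
    return (surbl_hits(body_domains(msg), is_listed),
            surbl_hits(header_domains(msg), is_listed))

# Constructed sample: ordinary mail whose Message-ID carries a listed domain.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
From: alice@sender.example
Message-ID: <20040812.1234@relay.listed.example>
Subject: meeting notes

Notes are at http://www.intranet.example/notes.html
"""

# Constructed stand-in for the DNS lookup so the example runs offline.
FAKE_LISTED = {"listed.example.multi.surbl.org"}

def fake_lookup(qname):
    return qname in FAKE_LISTED

if __name__ == "__main__":
    body_hits, header_hits = scan(SAMPLE, fake_lookup)
    print("body only:", body_hits)
    print("headers  :", header_hits)
```
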