One of our users has reported a false positive on id294.securedata.net; securedata.net is listed in ws.
I see no sightings more recent than june 2004; and none for this specific subdomain.
The domain appears to belong to some sort of shopping-cart service-provider, but I'm unsure who (hostway?). They appear to assign distinct subdomains to distinct customers.
What's the policy on this type of thing?
To supply a full message I'll have to ask the customer for permission. I'd rather not send it to a publicly archived mailing list, however (customer data 'n all).
Regards,
On Thursday, January 6, 2005, 3:55:24 AM, Vincent Schonau wrote:
One of our users has reported a false positive on id294.securedata.net; securedata.net is listed in ws.
I see no sightings more recent than june 2004; and none for this specific subdomain.
The domain appears to belong to some sort of shopping-cart service-provider, but I'm unsure who (hostway?). They appear to assign distinct subdomains to distinct customers.
What's the policy on this type of thing?
To supply a full message I'll have to ask the customer for permission. I'd rather not send it to a publicly archived mailing list, however (customer data 'n all).
Generally we try to handle whitelist requests and false positive reports off list at whitelist at surbl dot org.
It's handy to get a copy of the ham, if possible. Perhaps you could send it to us for private review at the address above.
Since Bill Stearns is on this list we may want to ask him for input here since his data is the source for this listing:
black-wstearns-hand-checked:securedata.net
This is a 1998 domain with no RBL or SBL and 20 NANAS most recently from June 2004.
I could not determine anything useful by googling the domain itself.
Bill if you prefer we can discuss this off list.
Jeff C. -- "If it appears in hams, then don't list it."
Good evening, Jeff,
On Thu, 6 Jan 2005, Jeff Chan wrote:
On Thursday, January 6, 2005, 3:55:24 AM, Vincent Schonau wrote:
One of our users has reported a false positive on id294.securedata.net; securedata.net is listed in ws.
I see no sightings more recent than june 2004; and none for this specific subdomain.
The domain appears to belong to some sort of shopping-cart service-provider, but I'm unsure who (hostway?). They appear to assign distinct subdomains to distinct customers.
What's the policy on this type of thing?
To supply a full message I'll have to ask the customer for permission. I'd rather not send it to a publicly archived mailing list, however (customer data 'n all).
Generally we try to handle whitelist requests and false positive reports off list at whitelist at surbl dot org.
It's handy to get a copy of the ham, if possible. Perhaps you could send it to us for private review at the address above.
Since Bill Stearns is on this list we may want to ask him for input here since his data is the source for this listing:
black-wstearns-hand-checked:securedata.net
The spam in question had an image link to:
img src="https://id293.securedata.net/cgi-iwantitallonline/track.cgi?vid=...
I've removed it from the blacklist and placed it on the whitelist because of the FP. Cheers, - Bill
--------------------------------------------------------------------------- "Put down those Windows disks, Dave..." -- HAL -------------------------------------------------------------------------- William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f, rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org --------------------------------------------------------------------------
On Thursday, January 6, 2005, 4:29:56 PM, William Stearns wrote:
Good evening, Jeff,
On Thu, 6 Jan 2005, Jeff Chan wrote:
On Thursday, January 6, 2005, 3:55:24 AM, Vincent Schonau wrote:
One of our users has reported a false positive on id294.securedata.net; securedata.net is listed in ws.
I see no sightings more recent than june 2004; and none for this specific subdomain.
The domain appears to belong to some sort of shopping-cart service-provider, but I'm unsure who (hostway?). They appear to assign distinct subdomains to distinct customers.
What's the policy on this type of thing?
To supply a full message I'll have to ask the customer for permission. I'd rather not send it to a publicly archived mailing list, however (customer data 'n all).
Generally we try to handle whitelist requests and false positive reports off list at whitelist at surbl dot org.
It's handy to get a copy of the ham, if possible. Perhaps you could send it to us for private review at the address above.
Since Bill Stearns is on this list we may want to ask him for input here since his data is the source for this listing:
black-wstearns-hand-checked:securedata.net
The spam in question had an image link to:
img src="https://id293.securedata.net/cgi-iwantitallonline/track.cgi?vid=...
I've removed it from the blacklist and placed it on thewhitelist because of the FP. Cheers, - Bill
Thanks much Bill!
Jeff C. -- "If it appears in hams, then don't list it."
-
Jeff Chan -
Vincent Schonau -
William Stearns