[SURBL-Discuss] RE: (1) Another Possible FP, and (2) header parsing issues

Rob McEwen rob at pvsys.com
Thu Aug 12 13:17:29 CEST 2004


Chris said:

>I'm confused. (Theres a first!) SURBL only 
>check the body for URLs. How did the message-ID get hit?

Its simply an issue where someone's implementation of SURBL provided the
option of extracting domains out of either (1) the header, and/or (2) the
client's IP address, and/or (3) the body of the e-mail. Any combination was
possible/configurable. The "default" setting was to use all three.

The following is the software package that I am using for SURBL filtering:

http://www.2150.com/regexfilter/

I chose this because it works well with my Merak IceWarp webmail software I
have running on Windows 2000 server.

The guy who wrote this is very smart. Because he uses the filter for himself
and didn't have to worry about "clients", he was very aggressive with his
default settings both for SURBL and for other linguistic aspects of his
filter. Just about everyone using it has had to contend with having to
"loosen" it in a number of ways to prevent false positives for their
clients... but this was a small price to pay for a well designed and FREE
software package.

Rob McEwen




More information about the Discuss mailing list