[SURBL-Discuss] RE: (1) Another Possible FP, and (2) header parsing issues

Jeff Chan jeffc at surbl.org
Thu Aug 12 13:15:27 CEST 2004


On Thursday, August 12, 2004, 9:17:29 AM, Rob McEwen wrote:
> Chris said:

>>I'm confused. (Theres a first!) SURBL only 
>>check the body for URLs. How did the message-ID get hit?

> Its simply an issue where someone's implementation of SURBL provided the
> option of extracting domains out of either (1) the header, and/or (2) the
> client's IP address, and/or (3) the body of the e-mail. Any combination was
> possible/configurable. The "default" setting was to use all three.

> The following is the software package that I am using for SURBL filtering:

> http://www.2150.com/regexfilter/

> I chose this because it works well with my Merak IceWarp webmail software I
> have running on Windows 2000 server.

> The guy who wrote this is very smart. Because he uses the filter for himself
> and didn't have to worry about "clients", he was very aggressive with his
> default settings both for SURBL and for other linguistic aspects of his
> filter. Just about everyone using it has had to contend with having to
> "loosen" it in a number of ways to prevent false positives for their
> clients... but this was a small price to pay for a well designed and FREE
> software package.

FWIW I am in contact with the author and he's somewhat
redesigning his use of SURBLs.  Hopefully the results will
be more in-line with how we expect them to be used, especially
in an ISP context.

Jeff C.



More information about the Discuss mailing list