[SURBL-Discuss] use of surbl to check non-body content?

Rob McEwen rob at powerviewsystems.com
Wed Oct 12 06:18:47 CEST 2005


Steven,

I have found through experience that the FP rate is considerably higher when
checking headers with SURBL. I can't even recall ALL the reasons why... but
I know empirically... from actually experience... that this is true.
(especially with IP addresses)

Also, because checking against headers results in more FPs and because this
is not the official prescribed method, if you ever report such a FP, please
be sure to mention that the URI was found in the header and that you
**know** that checking such is not the official way of doing things.

This will save you from getting lectured and it will help SURBL folks to not
mis-apply your evidence. For example, there are **some** FPs that will be
triggered by using SURBL on headers where that URI **NEVER** appears in the
body of legit messages, even though it might appear in the header of a legit
message. In such a situation, it would be correct to keep such listed in
SURBL. Get the idea?

Finally, I DO check headers against SURBL, just as you've described... but I
weight it much less than SURBL-caught URIs in the body of the message. And I
closely audit such mail... much more closely than regular SURBL-blocked
messages.

Rob McEwen




More information about the Discuss mailing list