[SURBL-Discuss] Recourse for legitimate users

Lena at lena.kiev.ua Lena at lena.kiev.ua
Tue Nov 25 23:38:13 CET 2008

http://www.surbl.org/faq.html :

> To request removal from a SURBL list, please start with the SURBL
> Lookup page and follow the instructions on the removal form.

The removal form in the case of the "jino-net-MUNGED.ru" domain
(listed in PH and SC) asks for "Sending IP addresses",
"Typical message advertising the web site". Sending, advertising what?
I run a discussion mailing list like this one. A list member posted
an on-topic message to the list mentioning the member's website
http://swallow.jino-net-MUNGED.ru - on-topic for the list,
not phishing/spam/malware/etc.  jino-net-MUNGED.ru is a free
web-hosting service like geocities.com. What recourse do honest, legitimate
users of that web hosting have?  Now the message with the blacklisted URL
is in the list's archive, new members request a part of the archive
(a few hundred messages in the body of a letter from an autoresponder),
a free mail service (ngs.ru) the list member uses rejects the letter, and I
(who run the autoresponder) get the bounce. What recourse do I, the member
and the subdomain's honest owner have?
I don't understand what to fill in the IP, header and body fields of the form.
I tried to send the form without filling in some fields and got an error message
with "Please contact us by email at whitelist at our domain if you have
any questions". I wrote to that email address with details and got:

> <Chris_Barton()mcafee.com> (expanded from <whitelist()surbl.org>): host
>    sncwsrelay1.nai.com[] said: 550 Denied - Spam Detection (in
>    reply to end of DATA command)

So, Chris is protected from complaints of false positives.

http://www.surbl.org/faq.html :

> It's a good practice to use little or no filtering on your security
> mailing list messages and abuse contact addresses, or to bypass them
> around filtering.


At the same time the list member requested other parts of the list archive,
and I got other bounces:

> SMTP error from remote mail server after end of data:
> host imx5.ngs.ru []: 550 5.7.1 URL http://sexmagnet-MUNGED.com
> in your message is blacklisted, see http://www.surbl.org/lists.html

The letters don't contain that URL, I checked. They contain (in the body)
the email address of another member, @sexmagnet-MUNGED.com.
You can check the website: it's one of seven domains of a free mail service,
hotpop.com (like hotmail.com or gmail.com). Listed in PH. Huh?
Using that logic, let's block the gmail.com domain: I don't know about hotpop,
but I have evidence that gmail accepts (with an autoreply), but then
completely ignores spam complaints.

Does SURBL care about false positives at all?

I run an MTA too, and I for sure shall never use SURBL because I do care about
false positives. But plenty of mail admins who use SpamAssassin and
SURBL directly never suspect what a disservice they do to their users.

http://www.surbl.org/faq.html :

> most SC users probably make an effort to uncheck
> legitimate domains to prevent false reporting.

Are you serious?

Elena Shevchenko
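
Added example, not part of the original post: a sketch of the two false positives described in the message, assuming the rejecting filter treats every domain-shaped token (including the right-hand side of an email address) as a URI and reduces each host to its registered domain before the lookup. The `LISTED` set, the sample bodies and all function names are constructed for illustration; a real filter would query DNS rather than a local set.

```python
import re

# Constructed stand-in for the blocklist zone; a real filter would resolve
# "<domain>.multi.surbl.org" in DNS instead of consulting a local set.
LISTED = {"jino-net-munged.ru", "sexmagnet-munged.com"}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
ANY_DOMAIN_RE = re.compile(r"\b((?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,})\b")

# Constructed sample bodies modelled on the two bounces in the post.
BODY_WITH_ADDRESS = "From: member@sexmagnet-MUNGED.com\nOn-topic reply, no links here.\n"
BODY_WITH_URL = "My site is http://swallow.jino-net-MUNGED.ru - see the photos.\n"

def registered_domain(host):
    """Reduce a host to its last two labels (simplification: assumes no
    two-level TLDs such as co.uk occur in the input)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def naive_domains(body):
    """Every domain-shaped token, email address domains included."""
    return {registered_domain(h) for h in ANY_DOMAIN_RE.findall(body)}

def uri_domains(body):
    """Only hosts that appear inside http(s) URLs."""
    return {registered_domain(h) for h in URL_RE.findall(body)}

def hits(body, extractor):
    """Listed domains the given extractor would cause the filter to reject on."""
    return sorted(extractor(body) & LISTED)

def query_name(domain, zone="multi.surbl.org"):
    """DNS name a client would look up for this domain."""
    return f"{domain}.{zone}"

if __name__ == "__main__":
    # An email address alone triggers the naive extractor, not the URI one.
    print("address, naive:", hits(BODY_WITH_ADDRESS, naive_domains))
    print("address, uri  :", hits(BODY_WITH_ADDRESS, uri_domains))
    # A member's subdomain on free hosting is rejected because the lookup
    # key is the shared registered domain, not the subdomain itself.
    print("url, uri      :", hits(BODY_WITH_URL, uri_domains))
    print("query         :", query_name(registered_domain("swallow.jino-net-MUNGED.ru")))
```

Restricting extraction to real URIs removes the address-only rejection, but the free-hosting case remains for as long as the shared parent domain is listed.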

