[SURBL-Discuss] Notification of Blacklist Status

Petros Kolyvas pk at shiftfocus.ca
Fri Jul 3 07:40:43 CEST 2009


The same issue would exist with any e-mail address though. It can  
happen with surbl.role at gmail.com. It doesn't seem like a logical reason.

Even if they did, we'd simply get 1000s of emails one day (or even  
every day) saying "[x domain] is blacklisted because of [y]." No sweat  
off our back unless [x domain] is my domain. I could even use any  
number of search functions to weed through them all fairly quickly;  
heck even a simple shell script to parse the messages as they come in  
would do.

But what I was implying below is that, for the blacklist sake, the  
owner, administrator or technical contact be sent a message.

I am only making these suggestions because I feel that, through no  
fault of our own, we've been attacked but with no defence. So in this  
equation the phisher wins because he's already done his work and moved  
on to a new server while our business suffers (without us knowing how  
or why.) It was iPowerWeb (of all places!) that sent a note this  
morning saying an address was blacklisted.

I will repeat that I am not trying to detract from such a badly needed  
effort. The feeling is just that it's a little heavy handed when  
you're on the other end.

Petros

-- 
ShiftFocus Media
for Arts and Education

Phone: 514.667-9778 ext. 231
Fax: 866.850.5451

42 Milner Street
Montreal, QC, H4X 2H5

On 3-Jul-09, at 1:25 AM, SURBL Role wrote:

> What happens if a spammer decides to use, say, abuse at shiftfocus.ca as
> the contact on their thousands of domains?
>
>
> On 7/2/09, Petros Kolyvas <pk at shiftfocus.ca> wrote:
>> Thanks for the reply.
>>
>> I would, however retort that if the contact info is faulty, and a
>> message simply isn't delivered (hopefully you'll get a notification  
>> of
>> an invalid address,) this could count as a further strike against a
>> domain.
>>
>> However, if the contact information is good, and a message is  
>> properly
>> received, it does help speed along the process. We keep both info at shiftfocus.ca
>>  and abuse at shiftfocus.ca so that we can be notified of any trouble.
>> The hope was that we might know about the trouble and take action
>> before something like this occurs.
>>
>> For example, until today we didn't know we were somehow (and
>> mistakenly) on a blacklist. How long were we on the blacklist? It
>> would certainly explain some odd behaviour of sent messages over the
>> last couple of months.
>>
>> Having completed another "lookup," no additional information is
>> offered. We can't face our accuser so to speak or see how, why or  
>> when
>> we were added in any detail.
>>
>> Back to my original point, it seems to me the overhead for the simple
>> e-mail notification would be quite low and the net effect would be
>> some increased feeling of goodwill from those who might suffer from
>> false positives. The increased level of openness could only help
>> further the cause.
>>
>> I am not saying this to criticise the effort, far from it. I still
>> applaud the gargantuan and nearly impossible effort of keeping the
>> streets "clean." At the same time, as an outsider who is suffering a
>> little from the cleaning, these are my thoughts. They remain opinion
>> and should be considered such.
>>
>> I do wish you all the best,
>>
>> Petros Kolyvas
>>
>> --
>> ShiftFocus Media
>> for Arts and Education
>>
>> Phone: 514.667-9778 ext. 231
>> Fax: 866.850.5451
>>
>> 42 Milner Street
>> Montreal, QC, H4X 2H5
>>
>>
>> On 2-Jul-09, at 2:13 PM, SURBL Role wrote:
>>
>>> Thanks for a good suggestion and for your kind words, but 99.99+% of
>>> the sites on SURBL lists likely have false contact information or  
>>> are
>>> hosted on compromised computers, so it's often not feasible to  
>>> contact
>>> them.
>>>
>>> Probably the best approach is to follow the removal procedure at:
>>>
>>> http://www.surbl.org/lookup/
>>>
>>> as you're doing.
>>>
>>>
>>>
>>> On 7/2/09, Petros Kolyvas <pk at shiftfocus.ca> wrote:
>>>> Dear All,
>>>>
>>>> I was notified today via an error message from a mail server that a
>>>> domain/URL in the e-mail was on a blacklist somewhere. I took the
>>>> time
>>>> to check and sure enough our own domain is on that list with the  
>>>> note
>>>> PH.
>>>>
>>>> The problem is that our domain is hosted on a shared web host from
>>>> what I believe to be a fairly reputable web host here in Montreal
>>>> (iWeb.com.) We have no ability to control or monitor the servers  
>>>> at a
>>>> level that would allow us to work on, modify, patch, or make any  
>>>> low-
>>>> level changes that requested in the "Removal Request."
>>>>
>>>> More importantly is why a domain isn't notified upon being
>>>> blacklisted? (Via the info at ... or abuse at .... mailboxes) I can
>>>> understand the need for immediately blacklisting troublesome  
>>>> domains;
>>>> with that I have no qualms. However it seems that, in the hope of
>>>> weeding out false positives like our own, at least a note that the
>>>> domain is being added to the blacklist would help in some kind of
>>>> active response - instead of the reactive one where we start
>>>> receiving
>>>> cryptic messages from clients' servers indicating something is  
>>>> amiss.
>>>>
>>>> That being said, thanks for all your hard work to keep this giant  
>>>> and
>>>> messy infrastructure as clean as humanly possible.
>>>>
>>>> Be well,
>>>> Petros Kolyvas
>>>>
>>>> --
>>>> ShiftFocus Media
>>>> for Arts and Education
>>>>
>>>> Phone: 514.667-9778 ext. 231
>>>> Fax: 866.850.5451
>>>>
>>>> 42 Milner Street
>>>> Montreal, QC, H4X 2H5
>>>>
>>>> _______________________________________________
>>>> Discuss mailing list
>>>> Discuss at lists.surbl.org
>>>> http://lists.surbl.org/mailman/listinfo/discuss
>>>>
>>> _______________________________________________
>>> Discuss mailing list
>>> Discuss at lists.surbl.org
>>> http://lists.surbl.org/mailman/listinfo/discuss
>>
>> _______________________________________________
>> Discuss mailing list
>> Discuss at lists.surbl.org
>> http://lists.surbl.org/mailman/listinfo/discuss
>>
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss



More information about the Discuss mailing list