[SURBL-Discuss] Notification of Blacklist Status

[SURBL Role]

On 7/2/09, Petros Kolyvas <pk at shiftfocus.ca> wrote:
> The same issue would exist with any e-mail address though. It can
>  happen with surbl.role at gmail.com. It doesn't seem like a logical reason.
>
>  Even if they did, we'd simply get 1000s of emails one day (or even
>  every day) saying "[x domain] is blacklisted because of [y]." No sweat
>  off our back unless [x domain] is my domain. I could even use any
>  number of search functions to weed through them all fairly quickly;
>  heck even a simple shell script to parse the messages as they come in
>  would do.
>
>  But what I was implying below is that, for the blacklist sake, the
>  owner, administrator or technical contact be sent a message.

Given that 99.99+% of the contact info is forged or from stolen
identities, that seems highly inappropriate.

>  I am only making these suggestions because I feel that, through no
>  fault of our own, we've been attacked but with no defence. So in this
>  equation the phisher wins because he's already done his work and moved
>  on to a new server while our business suffers (without us knowing how
>  or why.) It was iPowerWeb (of all places!) that sent a note this
>  morning saying an address was blacklisted.
>
>  I will repeat that I am not trying to detract from such a badly needed
>  effort. The feeling is just that it's a little heavy handed when
>  you're on the other end.

Cracked phishing sites often stay cracked and are used for repeated
phishing or other crimes such as malware infection.  How would someone
whose life savings had been stolen feel if the phishing site were
delisted before it was actually secured and they were defrauded as a
result?  How do you balance these?  Is it reasonable to try to make
sure that the cracked sites have been secured?  That seems like the
responsible thing to do in these cases.