[SURBL-Discuss] Notification of Blacklist Status

Petros Kolyvas pk at shiftfocus.ca
Fri Jul 3 20:00:32 CEST 2009

> On 7/3/09, Petros Kolyvas <pk at shiftfocus.ca> wrote:
>>> To be clear, the owner of the phished brand usually makes very
>>> thorough efforts to contact the site owner or web host to let them
>>> know about it and to ask them to correct the problem.
>> If you've been reading the discussion, you'll know that's not the  
>> case
>> in this case - and further points that our site was never used for  
>> any
>> phishing.
> That's not correct.   The site reportedly appeared in phishing  
> messages.

To be clear, had some due diligence been done it would be noted that  
it was the shared server which was compromised and not the domain  
itself. I would suggest that some research would show that many  
domains on that shared host are on this particular blacklist and that  
it had nothing to do with the domains themselves. Which furthers my  
point that the domain owners, in this particular case, are being  
unfairly punished when a more direct solution — ie. contacting a  
shared host that has produced a large number of compromised domains —  
would have greater effect.

>>>> Our host even claimed that: The domain is not directly hosting the
>>>> phishing attack. Due to the fact that the server is running UserDir
>>>> functionality, other user accounts can be accessed through the /
>>>> ~username path. My ISP has confirmed that the UserDir functionality
>>>> will be removed from all server within 48 hours.
> Translation: your site was used for phishing, with a name like
> www.mydomain.com/~username
> Your host is trying to tell you exactly that.

Actually that is what my host asked me to tell that to the SURBL  
whitelisters. Additionally, the host isn't saying our site was used  
for phishing but rather the shared sever allowed any site on it to  
appear to be the culprit when the domains themselves, in fact, were not.

Furthermore, they [our host] weren't trying to tell us anything. They  
were trying to tell SURBL something and it wasn't enough. So much so  
that despite being very proactive in this case, nothing at all has  
happened; with the exception of the creation of some interesting  
logical fallacies.

To be even clearer, this whole process is so obviously flawed we have  
spent the afternoon telling each of our clients that in order to  
continue working with us via e-mail they will need to stop using the  
SURBL lists. Thankfully this was not an issue and they were happy to  

When calm reasoning is not even considered, it's time to stop reasoning.

Despite all this, I continue to wish you all the very best.

Take care,
Petros Kolyvas

More information about the Discuss mailing list