[SURBL-Discuss] Notification of Blacklist Status

SURBL Role surbl.role at gmail.com
Sat Jul 4 06:39:29 CEST 2009


On 7/3/09, Petros Kolyvas <pk at shiftfocus.ca> wrote:
>
>
>  > On 7/3/09, Petros Kolyvas <pk at shiftfocus.ca> wrote:
>  >>
>  >>> To be clear, the owner of the phished brand usually makes very
>  >>> thorough efforts to contact the site owner or web host to let them
>  >>> know about it and to ask them to correct the problem.
>  >>
>  >>
>  >> If you've been reading the discussion, you'll know that's not the
>  >> case in this case - and further points that our site was never
>  >> used for any phishing.
>  >
>  > That's not correct.   The site reportedly appeared in phishing
>  > messages.
>
>
> To be clear, had some due diligence been done it would be noted that
>  it was the shared server which was compromised and not the domain
>  itself. I would suggest that some research would show that many
>  domains on that shared host are on this particular blacklist and that
>  it had nothing to do with the domains themselves. Which furthers my
>  point that the domain owners, in this particular case, are being
>  unfairly punished when a more direct solution — i.e. contacting a
>  shared host that has produced a large number of compromised domains —
>  would have greater effect.

The domain would not have been listed unless the site appeared in
phishing messages.

>  >>>> Our host even claimed that: The domain is not directly hosting the
>  >>>> phishing attack. Due to the fact that the server is running UserDir
>  >>>> functionality, other user accounts can be accessed through the
>  >>>> /~username path. My ISP has confirmed that the UserDir functionality
>  >>>> will be removed from all servers within 48 hours.
>  >
>  > Translation: your site was used for phishing, with a name like
>  > www.mydomain.com/~username
>  >
>  > Your host is trying to tell you exactly that.
>
>
> Actually that is what my host asked me to tell the SURBL
>  whitelisters. Additionally, the host isn't saying our site was used
>  for phishing but rather the shared server allowed any site on it to
>  appear to be the culprit when the domains themselves, in fact, were not.
>
>  Furthermore, they [our host] weren't trying to tell us anything. They
>  were trying to tell SURBL something and it wasn't enough. So much so
>  that despite being very proactive in this case, nothing at all has
>  happened; with the exception of the creation of some interesting
>  logical fallacies.
>
>  To be even clearer, this whole process is so obviously flawed we have
>  spent the afternoon telling each of our clients that in order to
>  continue working with us via e-mail they will need to stop using the
>  SURBL lists. Thankfully this was not an issue and they were happy to
>  comply.
>
>  When calm reasoning is not even considered, it's time to stop reasoning.

We are waiting for the answer to two simple, reasonable questions:

1.  Is the phishing site down?
2.  Has the server been secured?
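
The following is an added example, not part of the original message or of SURBL's tooling: a small triage helper that groups reported URLs by their Apache UserDir account (`/~username`), so that one account reachable through several hostnames on a shared server stands out. The function names and the sample URLs are assumptions constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit, unquote
import re

# Matches a leading Apache UserDir path segment such as /~username/...
USERDIR_RE = re.compile(r"^/~([^/]+)")


def userdir_account(url):
    """Return (host, account) if the URL path starts with /~account, else None."""
    parts = urlsplit(url)
    if not parts.hostname:
        return None
    # unquote() so that the encoded form /%7Eusername is recognised too
    match = USERDIR_RE.match(unquote(parts.path))
    if not match:
        return None
    host = parts.hostname  # urlsplit already lowercases the hostname
    if host.startswith("www."):
        host = host[4:]
    # Account names are case-sensitive on Unix hosts, so keep them as written
    return host, match.group(1)


def shared_userdir_accounts(urls, min_hosts=2):
    """Map account -> sorted hostnames, for accounts seen under min_hosts or more hostnames."""
    hosts_by_account = defaultdict(set)
    for url in urls:
        hit = userdir_account(url)
        if hit:
            host, account = hit
            hosts_by_account[account].add(host)
    return {a: sorted(h) for a, h in hosts_by_account.items() if len(h) >= min_hosts}


# Constructed sample input: URLs as they might be extracted from reported messages.
SAMPLE_URLS = [
    "http://www.mydomain.example/~username/login.html",
    "http://otherdomain.example/%7Eusername/login.html",
    "http://third.example/~username/",
    "http://mydomain.example/about.html",
    "http://solo.example/~alice/index.html",
]

if __name__ == "__main__":
    for account, hosts in shared_userdir_accounts(SAMPLE_URLS).items():
        print(f"~{account} reachable via {len(hosts)} hostnames: {', '.join(hosts)}")
```
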

