[SURBL-Discuss] Phishtank Data and SURBL?
surbl.role at gmail.com
Thu Oct 21 17:10:31 CEST 2010
On Thu, Oct 21, 2010 at 7:26 AM, Johnson, Ken <kenjohnson at letu.edu> wrote:
> We have been having an increase in the number of phishing messages that slip through our antispam solution. We currently use Can-IT which includes an instance of SpamAssasin which has active scanning on for SURBL.
> We recognize that no current solution is going to be 100% effective - however one of the most recent phishing messages that got through was for a link which appeared to already be in phishtank.com data (see http://www.phishtank.com/phish_detail.php?phish_id=1068849)
> We had been working to see if we could incorporate phishtank.com data in the Can-IT environment to add one more source of blocks for these messages to plug some more holes when we noticed per http://www.phishtank.com/friends.php that SURBL appeared to already be listed as using (in some way) phishtank data.
> We presumed that http://www.surbl.org/lists.html#ph probably used it - but tests seem to have test messages with that url receiving no points inbound.
> Further testing on the SURBL lookup returned that w3t.org wasn't listed (which makes sense as the underlying url above is a shortener so it's only the extended url that is listed in phishtank and worth flagging on - does SURBL only accept root domains for listing?
The quick answer is yes. However see also:
SURBL may look into listing subdomains and paths more generally in
future. There were important design decisions for not doing that
More information about the Discuss