[SURBL-Discuss] SURBL reports on short links that don't exist or aren't blacklisted

[Sam Rudge]

I run the URL shortener dft.ba. SURBL keeps sending out emails to us saying our shortener is being used for spam links. So far I have been sent around 50 of these messages, out of those messages most of them are for links that not only return a 404 error but were never even created in the first place. The other few all point to URLs which, although are correctly identified as spam manually, when querying the domains using the tool at http://www.surbl.org/surbl-analysis (And subsequently the system we use in our site) return as 'not blacklisted'.

Our application integrates with both SURBL and WebOfTrust to get reputation for URLs and automatically removes all links we detect as spammy. But what are we to do when SURBL is informing us and our ISP of URLs that don't exist or are not even blacklisted in SURBL itself. An example of this is

--
Please remove the abused shortner:
http://dft dot ba /-qTY

[etc]
--

This URL has never existed, not 'did exist but has now been deleted' because we don't fully delete things from our database just mark them deleted, this URL has never forwarded to anything other than our 404 page.

Another example of the other behaviour is this
--
Please remove the abused shortner:
http://dft dot ba /-NqD

[etc]
--


This URL did exist (but has now manually been deleted), but forwards to the domain 'li.ru', not blacklisted by SURBL. Trying to access the URL by any methods from our server (CURL, WGET etc.) returns a 500 server error so it looks like the site has blocked us from automatically figuring out where the URLs are redirecting to (I guess on an IP based block, it works from other servers). If SURBL isn't going to blacklist sites why are we being alerted that the link is being abused.

Our web host says SURBL often generates "false positives that should be ignored" but I'm trying to avoid our site getting blacklisted/flagged etc.

Any suggestions?
-Sam