gmane.mail.spam.rbl.surbl

URL Shortener Abuse Data

Ron Guerin — 2012-03-23T01:20:54

I am making this available in the event it is interesting or useful to
someone.  It is a really rough first effort, and I expect to do
something more useful with it as time goes on.

With the caveat that this should be considered "experimental data", I
have finally begun to publish some abuse data.  This data is presently
re-generated hourly.

http://tighturl.com/tighturl-abuse-ips.csv
http://tighturl.com/tighturl-abuse-domains.csv

The IP addresses are those that have submitted URLs that have been
banned at tighturl.com within the last 7 days.  They are in the format:
  unixtimestamp,IPv4address

The domains are base domains[1] that have been banned from tighturl.com
or have been submitted by currently banned IP addresses within the last
7 days.  They are in the format:
  unixtimestamp,basedomain

I have not found over time that an IP address that submits abuse also
submits non-abuse.

I'm interested in comments or suggestions.

- Ron

[1] Based upon http://www.surbl.org/tld/two-level-tlds and
http://www.su

rbldnsd & IPv6?

Dave Funk — 2012-02-11T23:17:25

Anybody have experience running rbldnsd (serving surbl zones) on
IPv6 addresses?
Clearly the data -in- the zones are IPv4 values but the servers
can communicate using IPv6 addresses.

I'm in the process of a general config refresh & IPv6 deployment
and noticed that the surbl dns servers lists that my copies are in
(a.surb.org & b.surbl.org) only contain IPv4 addrs (A records), no
AAAA records.

So is this just inertial or is there a reason for not listing IPv6
addrs for rbldnsd servers? I did a local test with rbldnsd-0.996b
on SLES11-SP1 and it seems to run/answer on IPv6 just fine.

Dave

Removal request from WS blacklist

Informes — 2011-08-31T07:17:27

Hi,

We've just submitted a removal request for our domain aldaniti.net using 
lookup page in surbl.com.
We send an email with all the information about our company and we 
explain that we do e-mail marketing actively for those who previously 
agreed and accepted to receive this kind of e-mail.

But our domain is still in the blacklist.

Is there anyway to know why are we being listed in ws.surbl.org blacklist?
How long will it take for our domain to be removed from the list?

In case we will be delisted, will there be any email notification?


Regards,
Aldaniti Team.

help please

Design Office — 2011-08-25T12:28:34

I am getting this message from a few recipients

X-Supplementary-Info: < c2bthomr14.btconnect.com #5.2.0 SMTP; 550  
5.7.1 Rejected - listed at SURBL/CURBL>

any suggestions!!


Dean Harvey




Factory Furniture Ltd - specialist street furniture designers and  
manufacturers with in-house production facilities.
FSC Chain of custody certification No.CU-COC-806405. For further  
information on Forestry Stewardship Council certified timbers http://www.fsc-uk.info/

The information in this e-mail and any attachments is confidential and  
is intended for the addressee only. Unless stated to the contrary, any  
opinions or comments are personal to the writer and do not represent  
the official view of Factory Furniture Ltd

SURBL reports on short links that don't exist or aren't blacklisted

Sam Rudge — 2011-08-02T21:16:02

I run the URL shortener dft.ba. SURBL keeps sending out emails to us saying our shortener is being used for spam links. So far I have been sent around 50 of these messages, out of those messages most of them are for links that not only return a 404 error but were never even created in the first place. The other few all point to URLs which, although are correctly identified as spam manually, when querying the domains using the tool at http://www.surbl.org/surbl-analysis (And subsequently the system we use in our site) return as 'not blacklisted'.

Our application integrates with both SURBL and WebOfTrust to get reputation for URLs and automatically removes all links we detect as spammy. But what are we to do when SURBL is informing us and our ISP of URLs that don't exist or are not even blacklisted in SURBL itself. An example of this is

--
Please remove the abused shortner:
http://dft dot ba /-qTY

[etc]
--

This URL has never existed, not 'did exist but has now been deleted' because we don't fully delete th

Can we provide feeds?

StopForumSpam Support — 2011-06-29T00:08:48

I run stopforumspam.com and we have started taking honeypot feeds that contain URI data.

Would any of this be of any use to your project?  If you check any of our
listings for a blue hand, then
evidence of forum and blog url spam is available.

keep up the great work :)

surbl listing

Alanna Dukes — 2011-04-13T21:16:21

When sending a delivery test to my seedlist, one of the spam filters
referenced surbl.  Specifically, surbl: [c2FpbHRocnUuY29t].  Does
anyone know what this means?  I did a look-up for all of my company's
IPs and domain and none were listed.  Thanks!

removal does not work!?

Dominic John Rack — 2011-03-15T09:17:59

hi,
 
one of my customers has problems sending email to certain recipients. he
found out, that his domain "seegerundkollegen.de" is listed on surbl which
might be the reason for mails being rejected. i have thoroughly checked the
server and cleaned up all problematic files. there definitely had been
ftp-abuse so we altered all ftp-accounts also. the server is clean and
secure now.
 
we have requested removal from the surbl ph-list about ten days ago - no
effect up to now! the domain is still listed L 
 
what can we do to solve this issue quickly? it is really important to free
this domain!
 
regards.
 
dominic john rack
 
............................................
 
mediatects . media architecture and design

how to contact

Jason DeGraf — 2011-02-15T20:40:35

your whitelist"surbl.org  address does not work

multi.surbl.org.rbldnsd download

Jeff Poling — 2011-01-31T21:19:21

I recently became responsible for our SURBL system.  Last week or firewall changed and the SURBL system had issues with the rsync process.   We corrected the firewall issues, but I am still seeing the following:

You are connected to rsync40

receiving file list ... done
multi.surbl.org.rbldnsd
rsync error: received SIGUSR1 or SIGINT (code 20) at rsync.c(231) rsync error: received SIGUSR1 or SIGINT (code 20) at main.c(965)

I am kind of at a loss as to what is going on. . .any insight is greatly appreciated!

Thanks,

Jeff

SpamAssassin

Eric Lamison — 2011-01-19T16:17:34

I'm using SpamAssassin to test for problems with our email and I'm getting warnings about being on SURBL blacklists. When I do a lookup though, it says the server is not listed. Any suggestions as to what the problem is?

From SpamAssassin:

1.7 URIBL_WS_SURBL         Contains an URL listed in the WS SURBL
blocklist
                           [URIs: logicalwebco.net]
4.5 URIBL_AB_SURBL         Contains an URL listed in the AB SURBL
blocklist
                           [URIs: logicalwebco.net]
1.9 URIBL_JP_SURBL         Contains an URL listed in the JP SURBL
blocklist
                           [URIs: logicalwebco.net]
0.8 URIBL_OB_SURBL         Contains an URL listed in the OB SURBL
blocklist

Thanks,


Eric Lamison

please forwarding to the webmaster: many links arebroken on surbl.org

Martin Schiftan www.blocklist.de — 2010-12-26T23:53:34

Hello,

on the Website there are a lot of Links broken:

http://www.surbl.org/links
-> http://www.surbl.org/nameservers-output.html
-> http://www.surbl.org/datafeed/


http://www.surbl.org/contact
-> Look-Up-Link in the second section refers to http://lookup/


and on all Sites:
-> http://www.surbl.org/public-dns.html


also i have stop to read, the website is to broken and not complete.
Please forwarding this mail to the Webmaster to fix the links and
redirects. Because webmaster< at >surbl.org or a other default address does
not works.

Thanks.

Martin Schiftan
http://www.blocklist.de/en/ Fail2Ban Reporting Service

Новое сообщение

Vovan — 2010-12-13T02:43:16

http://samec.org.ua/

historical data

Likarish, Peter F — 2010-12-01T21:17:40

Hello all,

I'm a member of a university research team looking at identifying malicious content online. We're interested in acquiring a list of all malicious URIs seen in the last 6-8 months. Does SURBL maintain historical data? Is there any way to get access to this data? Please let me know if I need to direct my query elsewhere or if anyone has suggestions. Thanks much,

Peter Likarish

RFC: Changing zone files to wildcarded data format

SURBL Role — 2010-11-23T03:29:13

The proposed change:

In order to more effectively blacklist abused subdomains, we would
like to get feedback on changing the SURBL zone file data format to
use wildcards.  Currently the records look like this canonically:

domain.com  (actual result codes not shown)

For wildcarding under rbldnsd, the record would look like this:

.domain.com

For wildcarding under BIND, the record would expand to two:

*.domain.com
domain.com

The above would be the case if both domain.com and all of its
subdomains were to be listed, which is the equivalent functional case
now.  For the BIND version of the zone file, it would generally mean a
doubling of file size.

In the highly unusual, exceptional case that only an unqualified
domain were to be listed, the future record would look like for both
rbldnsd and BIND:

domain.com

In the new case that a subdomain would be listed, the record would
look like this for both rbldnsd and BIND:

subdomain1.domain.com
subdomain2.domain.com
subdomain3.domain.com



Impact on list data

Phishtank Data and SURBL?

Johnson, Ken — 2010-10-21T14:26:10

We have been having an increase in the number of phishing messages that slip through our antispam solution. We currently use Can-IT which includes an instance of SpamAssasin which has active scanning on for SURBL.

We recognize that no current solution is going to be 100% effective - however one of the most recent phishing messages that got through was for a link which appeared to already be in phishtank.com data (see http://www.phishtank.com/phish_detail.php?phish_id=1068849)

We had been working to see if we could incorporate phishtank.com data in the Can-IT environment to add one more source of blocks for these messages to plug some more holes when we noticed per http://www.phishtank.com/friends.php that SURBL appeared to already be listed as using (in some way) phishtank data.

We presumed that http://www.surbl.org/lists.html#ph probably used it - but tests seem to have test messages with that url receiving no points inbound.

Further testing on the SURBL lookup returned that w3t.org wasn't listed (which

Phishtank Data and SURBL?

Johnson, Ken — 2010-10-21T14:26:10

We have been having an increase in the number of phishing messages that slip through our antispam solution. We currently use Can-IT which includes an instance of SpamAssasin which has active scanning on for SURBL.

We recognize that no current solution is going to be 100% effective - however one of the most recent phishing messages that got through was for a link which appeared to already be in phishtank.com data (see http://www.phishtank.com/phish_detail.php?phish_id=1068849)

We had been working to see if we could incorporate phishtank.com data in the Can-IT environment to add one more source of blocks for these messages to plug some more holes when we noticed per http://www.phishtank.com/friends.php that SURBL appeared to already be listed as using (in some way) phishtank data.

We presumed that http://www.surbl.org/lists.html#ph probably used it - but tests seem to have test messages with that url receiving no points inbound.

Further testing on the SURBL lookup returned that w3t.org wasn't listed (which

portion of my domain name is List

David Fletcher (SAN — 2010-10-13T18:09:06

Hello,

My domain is Sandestin.com.  We are having some issues of our emails being blocked as spam.  The message is 552 tin.com found in SURBL: Blocked, tin.com on lists [ws], See: http://www.surbl.org/lists.html.   My domain isn't on the lookup but tin.com.  Where do you think this issue lies?  Is it SURBL or the spam filtering that is using surbl?

David Fletcher
I.T. Dept

Rejected content by multi.surbl.org

Shattuck, Will — 2010-07-16T19:52:14

Hi all,

 

One of my users sent email someone and received a rejected notice. Here
it is:

 

    host mx01.lastspam.com[64.15.150.3] said: 550-5.7.1 rejected
content, 

    black listed 2010.In by multi.surbl.org. #762 #895
(m6F1MY037314479000)

 

The attachments being sent were a 38 KB Excel file, and 1 MB PowerPoint.

 

I understand that SURBL checks for websites and URLs inside the email,
but I can't seem to find anything about SURBL lists rejecting content.
I'm inquiring as we need to make sure these attachments get to the
recipient.

 

Thanks,

 

Will

Detail information for listing / Removal request

2010-07-12T14:14:16

Hello,

is there any page i can verify the source mails or urls which has led to the listing of the domain "ncsrv.de" at SURBL? 

This domain is used as a alternative url for almost every server in our network (server1 ... server99999.ncsrv.de), so websites are available even no customer domain is routed on the certain server. 

We use this domain also as internal identifier, also included in the host name configuration.

As you will understand a full control over every URL used in unsolicited messages is almost impossible because we have a lot of root systems, so we can not shut down every listed URLs immediately.

Is there a possibility to check for new entries at SURBL automatically so we can respond to that issue?

Thanks,
Rafael

How to delist from the SURBL list?

SnipURL Editor — 2010-06-30T03:23:15

Hi,

I have tried to send an email from the Lookup page, but that email is bouncing.

What am I missing? Whom can I contact to get my IP unlisted, given
that it's now been a month since it's been wrongly put in the list?

Thanks
Shanx