http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5421

           Summary: Please don't use SURBLs to check headers, etc.
           Product: Spamassassin
           Version: 3.1.8
          Platform: Other
               URL: http://www.surbl.org/implementation.html
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: spamassassin
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


We seem to be seeing cases where SpamAssassin is resolving header domains and
checking them against SURBLs.  This has caused some arguable FPs where, for
example, a mail server's IP address is on the ph.surbl.org phishing list due to
the phishers specifying the URI that way.  It's also possible that *unresolved*
header domains are being checked against SURBLs.  While these uses may correctly
help identify some minority of spam, they also can and apparently do FP. 
They're also not a recommended or intended use of the data.

As a side effect some (formerly) compromised mail or web servers are having some
difficulty delivering mail.  In the big picture this may have some benefits in
mitigating or cleaning up exploits, but responding to these issues is not
something we'd like to be doing.  SURBL does not want to do mitigation or
cleaning of compromised servers.  It does want to blacklist spammed hosts. 
Compounding the issue somewhat is that some of our phishing data sources don't
remove sites quickly enough when the phishing sites are gone.  Again this causes
some FPs when the data are used as described above.

Therefore we recommend that SpamAssassin not use SURBLs to check other than
message body URI hosts.



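The restriction the report asks for, as an added example that is not SpamAssassin's or SURBL's own code: only hosts of URIs in the message body become SURBL queries, header hosts are never scanned, and nothing is resolved to an IP address first. The `multi.surbl.org` zone, the function names and the sample message are assumptions made for illustration; hostnames are queried as written, without reduction to a registered domain.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

SURBL_ZONE = "multi.surbl.org"  # assumption: combined zone; the report names ph.surbl.org
URI_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def body_uri_hosts(raw_message):
    """Return hosts of URIs found in text body parts only; headers are never scanned."""
    msg = message_from_string(raw_message)
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skips multipart containers and non-text attachments
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for uri in URI_RE.findall(text):
            host = urlsplit(uri).hostname
            if host:
                hosts.add(host.rstrip(".").lower())
    return hosts

def surbl_query_name(host, zone=SURBL_ZONE):
    """Build the DNS name to look up; IPv4 literals are queried with octets reversed."""
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        return f"{host}.{zone}"
    return ".".join(reversed(str(ip).split("."))) + f".{zone}"

def surbl_queries(raw_message):
    # No DNS resolution of hostnames: only what the body URI literally names is checked.
    return sorted(surbl_query_name(h) for h in body_uri_hosts(raw_message))

# Constructed sample: the relay and sender domains in the headers must not be queried.
SAMPLE = (
    "Received: from mail.relay.example ([192.0.2.25]) by mx.rcpt.example\n"
    "From: alice@sender.example\n"
    "Subject: test\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Please log in at http://198.51.100.7/login or http://Bad.Example.NET/x.\n"
)

if __name__ == "__main__":
    print(surbl_queries(SAMPLE))
```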