On Tue, 6 Feb 2024, at 15:24, John Levine via mailop wrote:
On January 25 I was alerted to false positives due to Spamhaus SBL
listing IP addresses of fonts.googleapis.com.
Are those IPs supposed to send mail? If not, why would an SBL
listing, even a mistaken one, matter?
Thanks, that's the aspect my foggy brain missed. It only matters for
those who check URIs, especially if found in the body, or more
precisely the IPs of the hostnames of these URIs.
That's what their SpamAssassin Plugin for DQS does, cf.
https://github.com/spamhaus/spamassassin-dqs
Rules URIBL_SBL_A and SH_BODYURI_REVERSE_SBL cause a very high rate of
FPs (with default settings). The descriptions are
Contains URL's A record listed in the Spamhaus SBL blocklist
[URIs: fonts.googleapis.com]
The corresponding A record of an URI contained in the body is
listed in SBL [142.250.74.202]
So, I still got questions :) like why did these IPs end up on SBL in
the first place, and why does Spamhaus check against them?
--
-- Andreas
:-)
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
