On Wednesday, March 16, 2005, 3:55:52 AM, Bobby Rose wrote:
 
> I figured out the problem, it was an individual's email address in
> the message body (even though not a mailto).  Their email domain isn't
> listed at spamhaus.org but it turns out one of their ISP's DNS servers
> is, which they are using as secondary.  This makes the second time I've
> come across this.  The last time it was an ISP's (pipex.net) DNS server
> in the U.K. that was tripping the URIBL_SBL rule.

> This time the user is in the med.juntendo.ac.jp (Juntendo Univ Med
> School) whose ISP is cwidc.net and the DNS server ns03.cwidc.net
> (154.33.17.212) is the one in spamhaus.org which they say is hosting a
> long time spammer.  http://www.spamhaus.org/sbl/sbl.lasso?query=SBL17240

> Does URI checking really need to be so thorough?  Obviously there must
> be some bias at spamhaus if the big named ISPs don't get their name
> servers listed because we know that they provide services to spammers.
> Any idea on how to limit the scope to just the URI at its face value?

uridnsbl used in the default rule URIBL_SBL does check domain
name servers against SBL, but I'm kind of surprised to hear it
triggering on email addresses.  It should definitely be checking
web sites and the like.  Can you give a sample of the text it
hit?  Was it in URI form like:

  mailto://[EMAIL PROTECTED]

That said, I agree that the SBL listings are at times overbroad.
Name servers for gov.ru and spb.ru for example are listed
(ns.rtcomm.ru and ns1.relcom.ru respectively).  Listings like
those can cause false positives, and I personally object to
deliberately harming innocent bystanders to "pressure" ISPs.

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
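
The name-server check discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's code: a simplified offline model showing how an unlisted domain is hit through one listed secondary name server. The DNS data is a constructed stub; only ns03.cwidc.net, 154.33.17.212 and med.juntendo.ac.jp come from the message, and treating a bare e-mail address as a checkable host follows the behaviour reported in the quoted text.

```python
import re

# Constructed stub DNS data standing in for live lookups (assumption).
# ns.primary.example and clean.example are hypothetical names.
NS_RECORDS = {
    "juntendo.ac.jp": ["ns.primary.example", "ns03.cwidc.net"],
    "clean.example": ["ns.primary.example"],
}
A_RECORDS = {"ns.primary.example": "192.0.2.10", "ns03.cwidc.net": "154.33.17.212"}
# DNSBL zone stub: reversed-octet query name -> answer (127.0.0.2 = listed in SBL).
SBL_ZONE = {"212.17.33.154.sbl.spamhaus.org": "127.0.0.2"}

# Host part of scheme://host URIs and of bare user@host addresses.
HOST_RE = re.compile(r"(?:[a-z][a-z0-9+.-]*://|@)([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def extract_hosts(body):
    """Hostnames found in URIs and in bare e-mail addresses in the body."""
    return sorted({h.lower() for h in HOST_RE.findall(body)})

def zone_nameservers(host, ns_records):
    """Walk up the labels until a zone with NS records is found.
    Simplification: a real filter reduces to the registered domain instead."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        zone = ".".join(labels[i:])
        if zone in ns_records:
            return zone, ns_records[zone]
    return None, []

def dnsbl_name(ip, zone="sbl.spamhaus.org"):
    """Build the DNSBL query name: IPv4 octets reversed, then the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check_body(body, ns_records=NS_RECORDS, a_records=A_RECORDS, dnsbl=SBL_ZONE):
    """Return (host, nameserver, ip, query) for every listed name server."""
    hits = []
    for host in extract_hosts(body):
        _, servers = zone_nameservers(host, ns_records)
        for ns in servers:
            ip = a_records.get(ns)
            if ip and dnsbl_name(ip) in dnsbl:
                hits.append((host, ns, ip, dnsbl_name(ip)))
    return hits

# Constructed sample body: one bare address, one ordinary URI.
SAMPLE = "Contact someone@med.juntendo.ac.jp or see http://clean.example/page"

if __name__ == "__main__":
    for hit in check_body(SAMPLE):
        print("would hit URIBL_SBL:", hit)
```

The returned tuple names the name server and query that caused the hit, which is the detail needed when tracing a false positive back to a shared DNS server rather than to the domain itself.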
