On Fri, 2013-03-15 at 14:39 -0500, David B Funk wrote: > The whole raison-detre for RBLs is that they're lists that can be > implemented via the DNS system (created, updated, distributed, queried, etc). > As such they can -only- contain IP addresses or hostnames, NOT URLs. > > So using something like SURBL or URIBL you can only list the host name > part of that URL. If it's a legit site (albeit a compromised site) > this will result in false-positives for normal mail that references the site. > ... alternatively it would be reasonable to consider that the site deserves to be blacklisted until its owner disinfects it. Telling its webmaster that his site is infected would be a right neighbourly thing to do too, especially if the site has a generally good reputation.
Martin