URL Domain Black List... what's the point?

Posted 10/26/2006 6:16:08 PM
Forum Newbie


Group: Forum Members
Last Login: 3/12/2007 11:57:00 AM
Posts: 9, Visits: 1

We use IMail 2006.1 with Premium Anti-Spam. Recently I noticed that a lot of false positives are generated by the URL Domain Black List (Header: X-IMAIL-SPAM-URL-DBL). This list contains legitimate domains such as live.com and lulu.com.

Here are my questions:

1) What is the purpose of the URL Domain Black List, if there are plenty of DNS Blacklists out there, that are actively managed?

2) How is that list updated? Does the Anti-Spam automatically add domains? Shouldn't the list be automatically updated and downloaded from Ipswitch?

Is anyone else having problems with this list? Has anybody had any repercussions from disabling the list?

Thanks,
Julian

Post #23998
Posted 10/26/2006 11:25:09 PM
Forum Newbie


Group: Forum Members
Last Login: 10/26/2006 11:34:00 PM
Posts: 6, Visits: 1

Doesn't this look for URL links in the message from the domains listed... like http://buymycrap.com

Where DNS blacklists look at the domain the mail is being sent from... like Ahole@buymycrap.com

Many spammers want you to see their ad and visit their site by clicking the link in the message. Others try and get you to change your password by having you click on a link that really goes to their spoofed site.

As far as I know they aren't updated. I go through our company's junk mail (that makes it through IMail) every couple of weeks and add any domains that use hyperlinks to the list.

Since most spammers use a method like junk1.buymycrap.com the first week and junk2.buymycrap.com the second, etc.buymycrap.com... I just put buymycrap.com in the list...

Hope this helps...

Post #24005
Posted 10/26/2006 11:30:41 PM
Forum Newbie


Group: Forum Members
Last Login: 3/12/2007 11:57:00 AM
Posts: 9, Visits: 1

Yeah, that makes sense. I didn't know that URL blacklists check for links inside of the email.

That still doesn't explain though how legitimate servers end up on that list.

Post #24006
Posted 10/26/2006 11:35:45 PM
Forum Newbie


Group: Forum Members
Last Login: 10/26/2006 11:34:00 PM
Posts: 6, Visits: 1
Watch blocking things like stuff.com because that will block legitimatestuff.com too, I think... not completely sure
Post #24007
Posted 10/27/2006 2:44:31 AM
Forum Guru


Group: Forum Members
Last Login: Yesterday @ 8:59:07 PM
Posts: 1,625, Visits: 850
DNS blacklists check the IP address of the connecting server (and/or others before it). They do not check the from address.

URL blacklists check the header and/or subject and/or body for URLs contained on the list.

Most lists of both types are dynamic, although some are static or semi-static.


John T
eServices For You

"Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882)

Post #24011
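
Added example, not part of any post in this thread and not IMail's own matching code: a small Python scanner that pulls URL hosts out of a message body and checks them against a domain list on whole DNS labels, so one entry covers rotating subdomains without also catching look-alike names. The list contents and the sample message are constructed from the domain names used in the posts above.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist entries (names taken from the thread's examples).
BLOCKLIST = {"buymycrap.com", "stuff.com"}
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)

def url_hosts(text):
    """Return the lower-cased hostname of every http(s) URL found in text."""
    hosts = []
    for match in URL_RE.finditer(text):
        try:
            host = urlsplit(match.group(0)).hostname
        except ValueError:  # malformed authority part, e.g. a broken [IPv6]
            continue
        if host:
            hosts.append(host.rstrip(".").lower())
    return hosts

def listed_parent(host, blocklist):
    """Return the entry that equals host or is a parent domain of it.

    Whole labels are compared, so 'stuff.com' matches 'www.stuff.com'
    but never 'legitimatestuff.com'.
    """
    labels = host.split(".")
    for i in range(len(labels) - 1):  # stops before the bare TLD
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def scan_message(text, blocklist=BLOCKLIST):
    """Map each listed URL host in the message to the entry that matched."""
    hits = {}
    for host in url_hosts(text):
        entry = listed_parent(host, blocklist)
        if entry:
            hits[host] = entry
    return hits

# Constructed sample message body.
SAMPLE = """Week one: http://junk1.buymycrap.com/offer?id=7
Week two: http://JUNK2.buymycrap.com/
Unrelated: https://legitimatestuff.com/catalog and http://www.stuff.com/x"""

if __name__ == "__main__":
    for host, entry in scan_message(SAMPLE).items():
        print(f"{host} listed via {entry}")
```
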
Posted 11/8/2007 11:53:06 AM
Forum Newbie


Group: Forum Members
Last Login: 4/17/2008 10:53:06 AM
Posts: 7, Visits: 9
OK, so now that we all know what the URL Domain Black List does, let's return to the topic.

What's the point... if legitimate addresses keep showing up in the list?

Last month, we had live.com and some other Microsoft address in the list.
This month, I found gotomeeting.com in there.
GoToMeeting is a pretty popular desktop share / conferencing solution.
Live.com is Microsoft's new branding. You might as well blacklist HotMail.com and Microsoft.com!

What's the deal? If these addresses are being added by an automated system, IPSWITCH needs to ensure that they're not responding to people trying to smear the name of legitimate companies. Maybe their automated systems are susceptible to corruption? They need to use humans to vet these lists, or we just can't use them!

Next, wellsfargo.com and nwa.com and gap.com show up in there!

David Hoffman
Account Manager / Marketing
Albertson Consulting http://www.albertsonconsulting.com

Post #38394
Posted 11/8/2007 1:04:40 PM


Supreme Being


Group: Forum Members
Last Login: 5/15/2008 2:30:52 PM
Posts: 79, Visits: 388
The URL Domain Blacklist filter is not updated dynamically. It runs off of a static text file that resides in your IMail topdir. If you've been running IMail for a long time and have never updated that file yourself, it will have old entries from the original file that version 8.x installers used. You will either need to customize that file manually yourself or use the updated files listed on the Ipswitch Support site and then use the antispamseeder.

Link for the updated files on the Ipswitch Support Site:
http://www.ipswitch.com/support/imail/index.asp

Scroll about 2/3's of the way down that page...


Robbie Boucher
Web Developer - Messaging
Ipswitch, Inc.
Post #38402
Posted 11/12/2007 1:12:43 PM
Time Traveler


Group: Forum Members
Last Login: 7/1/2008 3:32:24 PM
Posts: 216, Visits: 415
It's also very out of date and almost useless. The server itself cannot handle a good black list. If your file grows beyond 1 MB it will crash and break the block list, entirely ignoring it for most checks if not all. So it's kind of silly that the list itself can only be useful under 1 MB. Their tech support claims it's limitless, but that isn't functional. Good blacklists that are 2-3 MB large will crash and delete all your entries.

Find out new URLs at:
http://www.joewein.de/sw/blacklist.htm
Post #38500
Posted 3/10/2008 1:17:26 PM
Forum Newbie


Group: Forum Members
Last Login: 4/17/2008 10:53:06 AM
Posts: 7, Visits: 9
Robbie,

Yeah, I've seen that only the premium anti-spam is a dynamically updated list.

It just scares me that those URLs got in the list in the first place.

And now, today, when my sysadmin downloaded the latest list, I see that windowslive.com is in their URL Domain Black List! When the free version of HotMail (LiveMail) plunks an ad in the footer for "windowslive.com" in outgoing emails to my server, they'll be marked as spam.

I know that they can't check it for every "legitimate," "whitelisted" URL in the world. There are millions.

However, again, a list of URLs like amazon.com, airlines, Yahoo, MS, Fortune 500 companies, etc. isn't very difficult to accumulate over time (for IPSWITCH).

Very frustrating. If this continues, I'll have to take the advice of not using their list at all, and only use the list linked above.

**UPDATE** I just did a check for gotomeeting.com and THAT one is still in there too. I've reported this to tech support before and I guess I'll need to do this again.

David Hoffman
Account Manager / Marketing
Albertson Consulting http://www.albertsonconsulting.com

Post #41738
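
Added example, not part of any post in this thread and not an Ipswitch tool: a pre-deployment check for a static URL domain list that flags entries overlapping a locally maintained known-good list, repeated lines, and total size. It assumes a one-domain-per-line text file with `#` comments (the real file format is not given in the thread); the known-good names are the ones posters reported finding, and the size threshold is the figure one poster reported, not a documented limit.

```python
import io

# Constructed allowlist; these are names posters found on their lists.
KNOWN_GOOD = {"live.com", "windowslive.com", "gotomeeting.com", "lulu.com"}

def load_entries(stream):
    """Yield (line_number, domain) from an assumed one-domain-per-line file."""
    for lineno, raw in enumerate(stream, 1):
        entry = raw.split("#", 1)[0].strip().rstrip(".").lower()
        if entry:
            yield lineno, entry

def overlaps(a, b):
    """True if a and b are the same domain or one is a parent of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def audit(text, known_good=KNOWN_GOOD, max_bytes=1_000_000):
    """Report allowlist conflicts, duplicate lines and size for human review.

    max_bytes defaults to the size one poster reported as troublesome.
    """
    seen, conflicts, duplicates = {}, [], []
    for lineno, entry in load_entries(io.StringIO(text)):
        if entry in seen:
            duplicates.append((lineno, entry, seen[entry]))
            continue
        seen[entry] = lineno
        for good in sorted(known_good):
            if overlaps(entry, good):
                conflicts.append((lineno, entry, good))
    size = len(text.encode("utf-8"))
    return {"conflicts": conflicts, "duplicates": duplicates,
            "entries": len(seen), "bytes": size, "oversize": size > max_bytes}

# Constructed sample list.
SAMPLE_LIST = """# url-domain blacklist (sample)
buymycrap.com
live.com
GoToMeeting.com   # mixed case on purpose
buymycrap.com
login.windowslive.com
"""

if __name__ == "__main__":
    report = audit(SAMPLE_LIST)
    for lineno, entry, good in report["conflicts"]:
        print(f"line {lineno}: {entry} overlaps known-good {good}")
    print(report["duplicates"], report["bytes"], report["oversize"])
```
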