You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Ben <be...@list-subs.com> on 2014/03/04 17:52:23 UTC
bit.ly and Spamhaus DBL
Hi,
I'm filtering strongly on Spamhaus DBL....which is working great.
Except for bit.ly which Spamhaus take exception to.
How can I reduce the weighting specifically for the bit.ly domain ?
Thanks !
Ben
Re: bit.ly and Spamhaus DBL
Posted by Axb <ax...@gmail.com>.
On 03/05/2014 02:18 PM, Joe Quinn wrote:
> On 3/5/2014 7:18 AM, Ben wrote:
>>
>> On 05/03/2014 05:47, Benny Pedersen wrote:
>>> On 2014-03-04 18:52, Ben wrote:
>>>
>>>> Just for my reference, is there a way to affect the score rather than
>>>> skip completely ?
>>>
>>> score FOO (1) (1) (1) (1)
>>>
>>> add one point to FOO rule
>>>
>>> it also works with negative scores that will subtract scores
>>>
>>> post sample if more help is needed
>>
>> Thanks, will have a play around !
> By the way, I recommend you inform Spamhaus of the FP on bitly. I would
> have never put it on a blacklist to begin with, due to the overwhelming
> hammy use that already exists.
Joe,
Their bit.ly entry is not an FP
looks at the SA rules, read the DBL listing policy before proclaming the
listing a FP.
Re: bit.ly and Spamhaus DBL
Posted by Thomas Harold <th...@nybeta.com>.
On 3/5/2014 9:40 AM, Neil Schwartzman wrote:
>
> Yeah. An abused, and abusive redirector. They only deal with abuse
> Monday-Friday, 9:00-17:00.* They never break links, but put an
> interstitial in between the victim and the payload. Gee thanks.
>
They do at least deal with it.
We reported a pair of links to them at 10am on Wednesday and they were
dealt with in under 48h. Maybe not as fast as some would like, but the
reporting process was painless.
Their warning message has also been stepped up a notch:
> Stop - there might be a problem with the requested link
>
> The link you requested has been identified by bitly as being
> potentially problematic. This could be because a bitly user has
> reported a problem, a black-list service reported a problem, because
> the link has been shortened more than once, or because we have
> detected potentially malicious content. This may be a problem
> because:
>
> Some URL-shorteners re-use their links, so bitly can't guarantee the
> validity of this link.
>
> Some URL-shorteners allow their links to be edited, so bitly can't
> tell where this link will lead you.
>
> Spam and malware is very often propagated by exploiting these
> loopholes, neither of which bitly allows for.
>
> The link you requested may contain inappropriate content, or even
> spam or malicious code that could be downloaded to your computer
> without your consent, or may be a forgery or imitation of another
> website, designed to trick users into sharing personal or financial
> information.
Re: bit.ly and Spamhaus DBL
Posted by Joe Quinn <jq...@pccc.com>.
On 3/5/2014 9:57 AM, Neil Schwartzman wrote:
> On Mar 5, 2014, at 10:40 PM, Neil Schwartzman <ne...@cauce.org> wrote:
>
>> Yeah. An abused, and abusive redirector. They only deal with abuse Monday-Friday, 9:00-17:00.* They never break links, but put an interstitial in between the victim and the payload. Gee thanks.
>
> BTW spamhaus aren’t the only ones fed up with Bit.ly’s laconic attitude towards abuse.
>
>> The URL you recently submitted has been accepted as a phishing site by Netcraft.
>>
>> URL:
>> https://bit . ly/OZVosY
Today I learned!
The original question was on reducing the weight of just the bit.ly
URIBL score and I must have subconsciously inserted "because it is an FP".
Sorry for derailing the thread.
Re: bit.ly and Spamhaus DBL
Posted by Neil Schwartzman <ne...@cauce.org>.
On Mar 5, 2014, at 10:40 PM, Neil Schwartzman <ne...@cauce.org> wrote:
> Yeah. An abused, and abusive redirector. They only deal with abuse Monday-Friday, 9:00-17:00.* They never break links, but put an interstitial in between the victim and the payload. Gee thanks.
BTW spamhaus aren’t the only ones fed up with Bit.ly’s laconic attitude towards abuse.
> The URL you recently submitted has been accepted as a phishing site by Netcraft.
>
> URL:
> https://bit . ly/OZVosY
Re: bit.ly and Spamhaus DBL
Posted by RW <rw...@googlemail.com>.
On 5 Mar 2014 22:40:37 +0800
Neil Schwartzman wrote:
> On Mar 5, 2014, at 9:38 PM, RW <rw...@googlemail.com> wrote:
>
> > On Wed, 05 Mar 2014 08:18:39 -0500
> > Joe Quinn wrote:
> >
> >
> >> By the way, I recommend you inform Spamhaus of the FP on bitly.
> >
> > It's not an FP, Spamhaus lists it as a redirector, which it is. As
> > has already been pointed-out it scores 0.001 in SA.
>
> Yeah. An abused, and abusive redirector. They only deal with abuse
> Monday-Friday, 9:00-17:00.* ...
Which makes it all the odder to increase the score for URIBL_DBL_REDIR
and then reduce it for bit.ly.
Re: bit.ly and Spamhaus DBL
Posted by Neil Schwartzman <ne...@cauce.org>.
On Mar 5, 2014, at 9:38 PM, RW <rw...@googlemail.com> wrote:
> On Wed, 05 Mar 2014 08:18:39 -0500
> Joe Quinn wrote:
>
>
>> By the way, I recommend you inform Spamhaus of the FP on bitly.
>
> It's not an FP, Spamhaus lists it as a redirector, which it is. As has
> already been pointed-out it scores 0.001 in SA.
Yeah. An abused, and abusive redirector. They only deal with abuse Monday-Friday, 9:00-17:00.* They never break links, but put an interstitial in between the victim and the payload. Gee thanks.
*
> Thank you for reaching out to Bitly support!
>
> We have received your message and will respond within five business days. Our standard support hours are 9:30am to 5:30pm Eastern Time Monday-Friday.
>
> All the best,
>
> The Bitly Support Team
Re: bit.ly and Spamhaus DBL
Posted by RW <rw...@googlemail.com>.
On Wed, 05 Mar 2014 08:18:39 -0500
Joe Quinn wrote:
> By the way, I recommend you inform Spamhaus of the FP on bitly.
It's not an FP, Spamhaus lists it as a redirector, which it is. As has
already been pointed-out it scores 0.001 in SA.
Re: bit.ly and Spamhaus DBL
Posted by Joe Quinn <jq...@pccc.com>.
On 3/5/2014 7:18 AM, Ben wrote:
>
> On 05/03/2014 05:47, Benny Pedersen wrote:
>> On 2014-03-04 18:52, Ben wrote:
>>
>>> Just for my reference, is there a way to affect the score rather than
>>> skip completely ?
>>
>> score FOO (1) (1) (1) (1)
>>
>> add one point to FOO rule
>>
>> it also works with negative scores that will subtract scores
>>
>> post sample if more help is needed
>
> Thanks, will have a play around !
By the way, I recommend you inform Spamhaus of the FP on bitly. I would
have never put it on a blacklist to begin with, due to the overwhelming
hammy use that already exists.
Re: bit.ly and Spamhaus DBL
Posted by Ben <be...@list-subs.com>.
On 05/03/2014 05:47, Benny Pedersen wrote:
> On 2014-03-04 18:52, Ben wrote:
>
>> Just for my reference, is there a way to affect the score rather than
>> skip completely ?
>
> score FOO (1) (1) (1) (1)
>
> add one point to FOO rule
>
> it also works with negative scores that will subtract scores
>
> post sample if more help is needed
Thanks, will have a play around !
Re: bit.ly and Spamhaus DBL
Posted by Benny Pedersen <me...@junc.eu>.
On 2014-03-04 18:52, Ben wrote:
> Just for my reference, is there a way to affect the score rather than
> skip completely ?
score FOO (1) (1) (1) (1)
add one point to FOO rule
it also works with negative scores that will subtract scores
post sample if more help is needed
Re: bit.ly and Spamhaus DBL
Posted by Axb <ax...@gmail.com>.
On 03/04/2014 06:52 PM, Ben wrote:
>
>> uridnsbl_skip_domain bit.ly
>
> Thanks, will try that.
>>
>> or you liked the other way, score when bit.ly is in urls ?
>
> Just for my reference, is there a way to affect the score rather than
> skip completely ?
according to my copy of the DBL zone,
bit.ly is in the redirector section with response
:127.0.1.3:http://www.spamhaus.org/query/dbl?domain=$
urirhssub URIBL_DBL_REDIR dbl.spamhaus.org. A 127.0.1.3
body URIBL_DBL_REDIR eval:check_uridnsbl('URIBL_DBL_REDIRECTOR')
describe URIBL_DBL_REDIR Contains a URL listed in the DBL as a spammed
redirector domain
tflags URIBL_DBL_REDIR net domains_only
50_scores.cf
score URIBL_DBL_REDIR 0 0.001 0 0.001
what score do you have for URIBL_DBL_REDIR ?
0.001 can hardly be the FP cause.
Re: bit.ly and Spamhaus DBL
Posted by Ben <be...@list-subs.com>.
> uridnsbl_skip_domain bit.ly
Thanks, will try that.
>
> or you liked the other way, score when bit.ly is in urls ?
Just for my reference, is there a way to affect the score rather than
skip completely ?
Re: bit.ly and Spamhaus DBL
Posted by Benny Pedersen <me...@junc.eu>.
On 2014-03-04 17:52, Ben wrote:
> I'm filtering strongly on Spamhaus DBL....which is working great.
> Except for bit.ly which Spamhaus take exception to.
> How can I reduce the weighting specifically for the bit.ly domain ?
uridnsbl_skip_domain bit.ly
or you liked the other way, score when bit.ly is in urls ?