https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8281

            Bug ID: 8281
           Summary: remove uribl.com from default ruleset
           Product: Spamassassin
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Rules
          Assignee: dev@spamassassin.apache.org
          Reporter: a...@boxyfrog.com
  Target Milestone: Undefined

uribl.com lists are checked as part of the SpamAssassin default ruleset.

uribl.com now adds domains to its blacklist [sic] simply when the domain
registrar is one they declare "bad".

Domains should be added to a blocklist only when they are actually observed to
be sending spam. Domains that have no history of sending spam should be
delisted upon request. 

urlbl.com has told me that namesilo and cloudflare, both very popular
registrars, are unacceptable. Simply registering one's domain with one of them
will get you on the blocklist, even if you send no spam and your email server
is properly secured. The will not delist a domain registered with one of these
registrars, even if there is no other basis for its listing.

I could understand maybe listing IP addresses belonging to VPS hosters with a
poor history of handling abuse... but domain registrars?!?

This contradicts urlbl.com's own published policy, which states that
black.uribl.com "contains domain names belonging to and used by spammers,
including but not restricted to those that appear in URIs found in Unsolicited
Bulk and/or Commercial Email (UBE/UCE). This list has a goal of zero False
Positives."

uribl.com no longer follows its own published policies. Listing domains based
solely on their registrar will surely lead to a large number of false
positives. 

I propose that having uribl.com lists checked by default delivers a bad
experience for users, and this should be removed from the ruleset.

-- 
You are receiving this mail because:
You are the assignee for the bug.

Reply via email to