SURBL False Positives

  • 7019852
  • 20-Jan-2009
  • 07-Aug-2017

Environment

GWAVA 4 all builds All supported operating systems

Situation

Many good domains are getting blocked as SURBL Answer/

Resolution

The SURBL false positive problem that we have been seeing stems from this: http://www.uribl.com/about.shtml#abuse.  If URIBL.com thinks you've been abusing their free service, they put your DNS server on a blacklist of sorts, and start giving your queries a 127.0.0.255 response instead of a 'not found' response,  which would be interpreted by anti-spam programs as a SURBL positive.  There are a few solutions to this issue. 1) Remove *.uribl.com from your SURBL servers in the GWAVA Management Console.  This is the preferred solution. 2) Change your DNS Server.  Since the queries are DNS-based, uribl.com will look at your  DNS server's IP address. 3) Subscribe to uribl.com data feed service described in the above link

Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 975.