The case of URIBL.com

Post Reply
User avatar
Nulander
Posts: 2136
Joined: Fri Mar 26, 2010 3:09 am

The case of URIBL.com

Post by Nulander » Sat Jul 03, 2010 5:49 pm

I don't want to appear as annoying but someone has concrete news about the issue that involves the Registrar RSS of URIBL?

I have completely stopped to send them e-Mails, as it seems totally useless. I understand that GoDaddy has acted in a very unfair way abusing of their service just to menace its rogue users, but as it is described on their page, if you ask them for the access, they have promised to enable it on the account of the applicant.

alphacentauri
Posts: 3291
Joined: Mon Nov 02, 2009 12:52 pm

URIBL access

Post by alphacentauri » Sun Jul 04, 2010 12:13 am

I have emailed as well.

I think there has been a change in the wording of the announcement on their website -- I can't remember exactly what it said before. Currently, it seems to indicate they are still assessing what their next step will be. If that is the case, it makes sense they would not say yes or no to our emails. I wish they would at least send an auto-ack, though. I got an acknowledgment to my first email that just gave me the link to the announcement, but my follow up emails have received no acknowledgment at all.

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

echo

Post by c۞g » Sun Jul 04, 2010 10:47 am

my follow up emails have received no acknowledgment at all
ditto.
:/

I sure would like to know what sources they use to get the initial data.

The RSS feed: Listings by Registrar was a "delicate" list to use for WOT ratings, for example it contained many innocent sites, some new, some old.(non spam, aka "FP").

The Listings by Nameserver however was much more accurate, a valuable source for domains sitting on NameServers.
This one I would like to see made public again - it never listed "GoDaddy" as a subcategory as the Registrars list did.

Guest

How

Post by Guest » Sun Jul 18, 2010 5:43 am

I still can't get to it.
Edit: I can now.

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

careful review

Post by c۞g » Sun Jul 18, 2010 3:51 pm

careful review

Yes, do not blindly snag all domains listed and mass-rate them based on appearing on URIBL.
You need to visit each site, if active, confirm it's intent. group like sites together, example: separate Diamond Replicas from Canadian Pharmacy or from My Canadian Pharmacy and mas-rate them in their "groups" As for linking... I still use uribl.com links, but with others as well such as SpamTrackers.eu wiki topics, whois, and robtex DNS There's nothing wrong with providing evidence that determines your rating / comment; it actually validates your ratings.

Examples:
Canadian Pharmacy - http://www.mywot.com/scorecard/smellbear.ru/comment-8636570
Diamond Replicas - http://www.mywot.com/scorecard/vodkapage.ru/comment-8636494
Cheap OEM Software - http://www.mywot.com/scorecard/broadreachstudios.com/comment-8636328

Anton Samsonov
Posts: 80
Joined: Tue Mar 15, 2011 5:34 am

Mass rating usually looks like uncareful

Post by Anton Samsonov » Tue Mar 15, 2011 7:34 am

There's nothing wrong with providing evidence that determines your rating / comment; it actually validates your ratings.
Such comments actually sound like “Hey, someone blacklisted a new site — and I felt an irresistible urge to relay those concerns into MyWOT, no matter how reliable the original listing criteria were. Even if it was just a dumb robot, I don't care about that; I care about my personal scores only, someday I gonna receive Rhodium status for this”.

Let's take a look at your first example:
Canadian Pharmacy — [url=http://www.mywot.com/scorecard/smellbear.ru/comment-8636570 t=_self]smellbear.ru[/url]
[url=http://rss.uribl.com/ns/a5n_ru.html t=_self]Listed Domains on a5n.ru Nameservers[/url]
[url=http://whois.domaintools.com/smellbear.ru t=_self]Whois smellbear.ru[/url]
[url=http://www.robtex.com/dns/smellbear.ru.html t=_self]DNS info on smellbear.ru[/url]

What is this all about?
  • Information on rss.uribl.com is deleted either when the data expires after 3 days of domain cease, or after the domain is no longer blacklisted, but your comment in MyWOT stays forever and is not updated.
  • Whois page doesn't even explicitly indicate that the domain is actually russian one, not canadian, — if it isn't obvious for someone that .ru domains are russian, then that raw Whois info won't add up a bit of clarification
  • DNS tools page shows 3 links, 2 of which are irrelevant: one of them is [url=http://www.alexa.com/siteinfo/smellbear.ru t=_self]Alexa ranking page[/url] with no useful information about that particular domain, the other one is back-reference to MyWOT. The last one directs to [url=http://rbls.org/smellbear.ru t=_self]rbls.org[/url] cumulative listing, witch indicates that only [url=http://www.surbl.org/ t=_self]multi.surbl.org[/url] flags this domain in some way; the list's name “multi” implies that it is combined list — with most probability of false-positives.
As a result, your comment looks like “Hey, I don't know what all this is about, but that bunch of links should make my comment look more weighty”.


Identity theft / credit card abuse
FAKE online pharmacy
enter no information, attempt no purchase
By the way, when you write comments like this, please, express yourself more clearly, so that non-English speaking users won't confuse your statements (“facts” about the site) and your advices (recommendations).



My point is: the presence of some domain in a black-list is merely a cause (motive) to check the site (and nobody is interested in your motives) — and by any means not a reason to rate the site poorly in MyWOT.

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

RE: Mass rating usually looks like uncareful

Post by c۞g » Tue Mar 15, 2011 4:54 pm

Concerning uribl.com not all domains referenced are not blacklisted by uribl
example would be the FP's as found in the Registrar RSS feed; however the nameServer feed is much more accurate.
But you're not discussing uribl.com (the topic of this discussion), but rather desire to condemn my "comment style"

In your example of my scorecard comment for: smellbear.ru
you forgot to reference the Spamtrackers wiki link:
http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy

FYI, I seldom reference uribl in a comment; it's become... rare.
I no longer reference whois links either, since they are available at the top of every scorecard (built-in), it's redundant.

As for the DNS: [url=http://www.robtex.com/dns/smellbear.ru.html t=_self]http://www.robtex.com/dns/smellbear.ru.html[/url]
you state:

DNS tools page shows 3 links, 2 of which are irrelevant: one of them is Alexa ranking page with no useful information about that particular domain, the other one is back-reference to MyWOT. The last one directs to rbls.org cumulative listing, witch indicates that only multi.surbl.org flags this domain in some way; the list's name “multi” implies that it is combined list — with most probability of false-positives.
 

I see you never looked up and viewed the tabbed menu:
[url=http://www.robtex.com/dns/smellbear.ru.html#summary t=_self]Summary[/url]
[url=http://www.robtex.com/dns/smellbear.ru.html#records t=_self]Records[/url]
[url=http://www.robtex.com/dns/smellbear.ru.html#graph t=_self]Graph[/url]
[url=http://www.robtex.com/dns/smellbear.ru.html#shared t=_self]Shared[/url] - a personal favorite
[url=http://www.robtex.com/dns/smellbear.ru.html#whois t=_self]Whois[/url]
[url=http://www.robtex.com/dns/smellbear.ru.html#blacklists t=_self]Blacklists[/url] - rbls.org, a sister site of robtex.com = major spam listings
[url=http://www.robtex.com/dns/smellbear.ru.html#analysis t=_self]Analysis[/url] - DNS delegation
[url=http://www.robtex.com/dns/smellbear.ru.html#contact t=_self]Contact[/url] - reguarding DNS issues

I can only provide the link, it's up to the visitor to correctly use the information provided.

As for my comment:
Identity theft / credit card abuse
FAKE online pharmacy
enter no information, attempt no purchase


The comment category chosen is Phishing or other scams
hence: Identity theft [phishing]
/ credit card abuse [other scams]
FAKE online pharmacy - visiting the site, it's determined what it is and the link to spamtracker's wiki offering evidence.
enter no information, attempt no purchase - my simple advice; take it or leave, your choice.

I keep my comments short and to the point as requested by WOT in this [url=http://www.mywot.com/blog/167-comments-the-good-the-bad-and-the-ugly t=_self]Blog article[/url]:
When writing your comments, please consider the following:
  • Be objective and truthful. Useful comments include not only whether you liked or disliked a site, service or product, but also why.
  • Differentiate between the technical safety of the site and the content
  • Support your assertions or statements
  • Try to keep it short, but focused

My comments are short, they provide evidence via links when available and I most always include the DNS: robtex link incase I revisit the scorecard, it's a simple "click" away. And yes, I visit the domains I rate (sometimes via an automated browser session)

Blacklists are only one source.
Sometimes users create custom "lists" grouping like-sites, a good example are the clickbank scams or afiliate "work from home / get rich quick" scams - none you'll find on uribl, or malwaredomains, or caught in a honeytrap, etc.

As for "lists" versus WOT ratings, some are automated, re: [url=http://www.mywot.com/wiki/Trusted_Sources t=_self]Trusted sources[/url]
There are WOT users who are also members of those Trusted sources and when entries are made "there" they are also entered "here"...

Anton Samsonov
Posts: 80
Joined: Tue Mar 15, 2011 5:34 am

RE: Mass rating usually looks like uncareful

Post by Anton Samsonov » Sat Mar 19, 2011 9:14 am

You… rather desire to condemn my “comment style”.
First of all, it isn't a personal attack on you, but a common criticism on “irrelevant evidence” writing style. That's because the style is everything. And I mean: EVERYTHING. You think that some link(s) prove your opinion, but in fact they deny it, — either explicitly (when user follows your link and sees the opposite to that you said) or indirectly (when user sees nothing that could prove your statements).


In your example of my scorecard comment for smellbear.ru you forgot to reference the Spamtrackers wiki link.
I didn't forget — I just didn't mentioned it, because it was relevant, and my criticism was not targeted at relevant links. But, even when someone appeals to a relevant proof, and yet adds 3 other, irrelevant, links, the first thought is: “Well, this guy has only 1 source of information what seems to be reliable, but wants us to think that there are 4 sources”. This lowers the level of trust for your comment, and, combined with prejudiced low level of trust for any mass-action, makes to disregard your comment at all.


As for the DNS tools, I see you never looked up and viewed the tabbed menu.
Try to be honest. How does that DNS tool in any way prove your statements about rated site? For an unexperienced user, it's just a collection of irrelevant raw data. And an experienced user probably has his/her own favorite DNS/Whois tool, so the first question he/she asks, would be: “Why this guy wants me to use that specific tool instead of mine? Is this some kind of manipulation?” The second question would be: “Anyway, it's just DNS/Whois. What does its data prove at all?” In other words, where on those pages it is somehow proved or at least mentioned, that a site has issues with “Identity theft / credit card abuse”, and that it is “FAKE online pharmacy”?


“enter no information, attempt no purchase” — my simple advice; take it or leave, your choice.
My point was that users with poor English (including those who rely on automatic translation) could consider this solid block of text as a single statement about the site, not as your personal advice. I.e. that the site “doesn't provide enough information and had some issue with transaction processing when you tried it” — which is not a steady base to consider some site as fraudulent.


As for “lists” versus WOT ratings, some are automated, re: Trusted sources
Feel the difference!™ :-)

The MyWOT engine itself has a high level of trust, because:
  1. those automated sources are carefully selected;
  2. listings and de-listings take place in 24 hours.
Why must users think that your sources are of same reliability? (Roughly speaking, if they were so reliable, why didn't MyWOT incorporate them?) What about removal of your negative opinion after a domain is de-listed?

I actually came to this forum today after reading another old comment of yours (about [url=http://www.mywot.com/ru/scorecard/awsurveys.com/comment-2255957 t=_self]awsurveys.com[/url] on 2009-08-20):Listed Domains registered at GO DADDY SOFTWARE, INC.
re: [url=http://rss.uribl.com/nic/GO_DADDY_SOFTWARE_INC_.html t=_self]rss.uribl.com/nic/GO_DADDY_SOFTWARE_INC_.html[/url]
Do you want the readers to believe that a site is spamvertised just because the domain was registered at a popular registrant company? Well, even if a reader doesn't like Go Daddy as much as you do, what would he/she see upon following your link? As for now, that page on rss.uribl.com doesn't list awsurveys.com, so your comment looks like a false claim.


…the nameServer feed is much more accurate. But you're not discussing uribl.com (the topic of this discussion)…
I do discuss uribl.com and any other blacklisting service that tends to have temporary nature and doesn't keep report history. I also do discuss the strategy of “proving” that some site is malevolent just because it is hosted on a server together with other sites that seem malevolent, or just because they share the same name-server, or just because they were registered by the same authority. Any such “evidence” is bullshit.

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests