"4dquiz-com (dot instead of dash)" is getting DNS service from
orderbox-dns_com ('_' instead of '.') - This makes them immediately
suspect; Some of the subdomains and servers in that domain are strictly
black, others are grey - They have been widely discussed in some non-public
forums recently. Unfortunately there are quite a few DirectI customers
being used as "human shields" by the orderbox-dns_com domains and there
seems to be some sort of close relationship between DirectI and orderbox.
(DirectI are definitely now in the "good guy" category.)
It is likely due to the name server check that the SBL rule was
triggered. As to the SURBL [ws], you'd have to ask (or someone from SURBL
volunteer an answer), but there is probably some reason (it still might be
a FP).
Finally, what threshold are you trying to use that a score near 3
is marked as spam? (My addition of the rules you say were hit, estimated
independent of SA version.)
Paul Shupak
[EMAIL PROTECTED]
