"A quick Google search revealed all kinds of complaints. One company had their entire domain shut down because of SURBL."

I’m the administrator of a small, niche website for a popular 70’s/80’s actor.  Once a month he writes a column for his fans, and when it goes live, I

 post the link to his Facebook fan page. Imagine my surprise when after I did so this month, the result was fans getting this lovely warning when they clicked on it:

“Facebook has teamed up with SURBL to help protect you online. The link you are trying to visit has been identified as potentially unsafe by our trusted partner. Visit the Facebook Security Page to learn more about staying safe on the Internet. SURBL: This website was classified as abusive”

Well I can tell you that’s a complete lie. There’s nothing wrong with the site. The webmaster and I went over it quite thoroughly and found no traces of malware or hacking of any kind. It’s as clean as a whistle.  Once that was determined I went back to the warning and clicked the “Learn More” link, where I discovered that  SURBL stands for Spam URI Realtime Blocklists and that they are lists of URLs that have been found in spam messages. Seems like a pretty stupid way to blacklist if you ask me. Website owners can’t control where their sites will be mentioned. What if a member is banned and in retaliation, decides to send large amounts of spam with the site’s URL included, or spoofs the headers to make it seem like it’s coming from that domain?

A quick Google search revealed all kinds of complaints. One company had their entire domain shut down because of SURBL. It also appears that we’re in good company as every Occupy (Occupy Wall St, Occupy LA, etc) website has also been blacklisted. It’s impossible to find out how they decide what sites to blacklist, as they obviously won’t make that info public. So I start looking around to figure out how to get my site off their list. I find their removal form. This is where the fun starts.

They want all kinds of personal info. Name, email, phone number, postal address. Then they want my site’s IP address. The fun starts when I get to the part demanding the full headers and source of the marketing emails sent from the site. No can do. We don’t send out any kind of marketing or advertising emails, never have. Then they want the URL and text of our advertising policy. Again, since we don’t send out those types of emails, we don’t have one! (The site sends out two emails. One goes to each member on their birthday, the other, to new members to let them know their account has been activated. That’s it!) Finally, they want all the domain registration info. I sent off the form and we’ll see what happens.

I should not have had to do all that as nothing is wrong with my site and we don’t send out any kind of marketing emails. I’m not sure how it got on there. Either some spammer spoofed the domain in their messages, or someone maliciously reported the website. Have you ever had your website blacklisted unfairly? Please share your story with us!