>-----Original Message-----
>From: Matthew Wilson [mailto:matthew@boomer.com]
>Sent: Thursday, March 10, 2005 12:01 PM
>To: Jeff Chan; SURBL Discussion list
>Subject: [SURBL-Discuss] Spam Honeypot identification through SURBL
>
>
>Jeff (and list),
>
>I'm worried that spammers can use SURBL to identify honeypot email
>servers by using unique subdomains. A spammer must merely
>send a unique
>subdomain URL to every address on their list, and if that unique
>subdomain is blacklisted in SURBL, they have identified a potential
>honeypot and will no longer send spam to that address/server.
>
>It is therefore my humble opinion that only the second-to-top domain
>name should be listed in SURBL, and not any of the subdomains.
>
>Thoughts?
>
>-Matthew Wilson
I make it a point to not list subdomains. Only the main domains get listed
by me. If one got in, it was an oversight. When some submissions come in
from certain projects, I will purposely delay their addition to SURBL, so
that spammers can't time them with spam runs. But frankly the domains come
from so many different sources, it doesn't matter much.
--Chris