On Sunday, April 25, 2004, 8:57:56 AM, John Fawcett wrote:
Version 0.14 includes the changes which were being discussed last week, so that if ads.msn.com is found in an email only msn.com is being checked against sc.surbl.org.
Regarding redirection sites, we definitely do not want to blacklist the redirection sites of mostly legitimate sites like msn and yahoo.
If their redirection sites are being abused by spammers then they should have the added traffic as incentive to block the abusers.
If there were spam-only redirection sites then those could be easily blocked on.
Another reason to not block legitimate redirection sites is that SA 3.0's urirhsbl will check the redirection site against the SURBL also, and we don't want to block messages simply because a redirection site is used in them. On the other hand the redirection site could get a special A record such as you propose below to say "check further". But that's getting a bit complex on the client side for my likes.
So the choices available to the list maintainer are either:
- list all of msn.com
- list none of msn.com
Since listing all of msn.com is likely to be too wide, this means msn.com will not get listed even if there are subdomains which are candidates for listing.
I've used msn as an example, but the same logic applies to any of the big names like yahoo etc where the list maintainer may want to have more granularity in what is listed rather than list the whole registered domain.
The underlying principle as I see it is that most major sites will have functional anti-abuse and anti-spam policies, so either a base domain is good or bad. I know that seems simplistic, but it's easy and fast to implement AND it seems to match reality pretty well.
There are no drug spam sites hosted on yahoo for example, and if there were they would get shut down extremely quickly. The legitimate sites have an incentive to stay that way. Similarly spam ISPs and spam gangs have a seeming incentive to stay that way.
So the dividing line can generally be easily drawn at the registrar domain level.
The solution could be to use a special return code which indicates "query again with more detail". (I remember someone bringing up something similar in the context of ccTLDs as well).
So if ads.msn.com were to be listed in sc.surbl.org it would need two records:
msn.com IN A 127.0.0.255
ads.msn.com IN A 127.0.0.2
The client (in this case SpamCopURI) would find a url ads.msn.com in the email but would query for msn.com as per the current logic.
The return value of 127.0.0.255 then indicates to the client to query for one level lower, i.e. ads.msn.com.
This same mechanism could be used for ccTLDs. sc.surbl.org could contain:
co.uk IN A 127.0.0.255
co.nz IN A 127.0.0.255
So that if I get xxxxxxxx.co.uk in an email, the client queries for co.uk and it will be told to query with the lower level. The client queries for xxxxxxxx.co.uk.
That's an interesting idea. Basically you want to signal redirection to higher domain levels with a special result for levels that should never get checked like co.uk.
That might be doable, but it would require extra logic on the client side as you note. That already sounds more complex than I like, though I see what you're getting at. Better to control what goes into the data (i.e. never let the TLD itself co.uk in), and make sure the client is following similar rules.
We will always catch bigspammer.co.uk with the current strategy.
I know a lot of what I argue for above seems simplistic when a more complex solution could have more interesting results, but very often the simpler solutions are better, especially in terms of resource consumption.
Jeff C.
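
As an added example (not part of the original message and not SpamCopURI's code), here is the "query again with more detail" lookup discussed above, run against a constructed in-memory zone instead of real DNS. `lookup`, `check_host` and `MAX_DEPTH` are hypothetical names, and the returned query list shows the extra lookup the 127.0.0.255 sentinel costs the client.

```python
# Constructed zone data mirroring the records quoted in the message.
ZONE = {
    "msn.com": "127.0.0.255",         # sentinel: query one level lower
    "ads.msn.com": "127.0.0.2",       # listed
    "co.uk": "127.0.0.255",           # ccTLD level that is never listed itself
    "bigspammer.co.uk": "127.0.0.2",  # constructed listing
}
RECHECK = "127.0.0.255"
MAX_DEPTH = 4  # assumption: cap on how many labels a client will ever query


def lookup(name, zone=ZONE):
    """Stand-in for an A query of <name>.sc.surbl.org; None models NXDOMAIN."""
    return zone.get(name)


def check_host(host, zone=ZONE):
    """Return (listed, queries) for a hostname taken from a URI in a message."""
    labels = host.lower().rstrip(".").split(".")
    queries = []
    # Start at the two-label name, as the current logic does, and add one
    # label only when the zone answers with the sentinel.
    for depth in range(2, min(len(labels), MAX_DEPTH) + 1):
        name = ".".join(labels[-depth:])
        queries.append(name)
        answer = lookup(name, zone)
        if answer is None:
            return False, queries   # not in the zone: stop, not listed
        if answer != RECHECK:
            return True, queries    # any other A record means listed
    # Out of labels (or at the cap) while still told to recheck: not listed.
    return False, queries


if __name__ == "__main__":
    for h in ("ads.msn.com", "www.msn.com", "www.bigspammer.co.uk", "example.org"):
        listed, asked = check_host(h)
        print(f"{h}: listed={listed} queries={asked}")
```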