On Tuesday, April 27, 2004, 10:37:22 PM, John Fawcett wrote:
As far as I could see, the table in SpamCopURI contains only .uk, not co.uk, so all .uk domains are being handled in the same way, i.e. checked at the third level.
Likewise, I saw .ca in the table, not ab.ca, so just as in the .uk example everything is being checked at the third level by the client, and so spammer.ca will be missed.
...
tm.fr gouv.fr asso.fr nom.fr avocat.fr
...
I didn't spot any of these being used on the client. So if I am reading things correctly, we will never catch spammer.nom.fr, etc.
Maybe if Eric is reading this, he can confirm whether this is the case.
Thanks for the research into how SpamCopURI is handling ccTLDs.
In case it wasn't clear, I was referring to the data side in my description of how the ccTLDs are handled.
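To make the client-side behavior John describes concrete, here's a rough sketch in Python (not SpamCopURI's actual Perl code; the table contents and names are only illustrative). A table of ccTLDs that are "checked on the third level" decides how many labels of the URI host survive into the query:

  # Illustrative only -- not the real SpamCopURI code or table.
  # ccTLDs in this set are assumed to take registrations at the third
  # level, so hosts under them are reduced to three labels; everything
  # else is reduced to two labels.
  THIRD_LEVEL_CCTLDS = {"uk", "ca"}    # hypothetical contents

  def domain_to_query(host):
      labels = host.rstrip(".").lower().split(".")
      keep = 3 if labels[-1] in THIRD_LEVEL_CCTLDS else 2
      return ".".join(labels[-keep:])

  # www.spammer.co.uk  -> spammer.co.uk   (.uk in the table: keep three labels)
  # www.spammer.ca     -> www.spammer.ca  (a listing of spammer.ca is missed)
  # www.spammer.nom.fr -> nom.fr          (.fr not in the table: the spammer's
  #                                         registration under nom.fr is lost)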
For best performance, we probably want to make both the data and client sides behave similarly, whether that's by changing the data side to use the SA module's ccTLD handling, by getting zones with more than two levels out via a special zone or value in SURBLs, or some other way.
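For reference, and only as a sketch, here's why the two sides have to agree: the client query is just the reduced domain prepended to a list zone (sc.surbl.org is used here purely as an example), so if the data side lists spammer.nom.fr but the client asks about nom.fr, the names never line up:

  import socket

  SURBL_ZONE = "sc.surbl.org"    # example zone; others work the same way

  def is_listed(reduced_domain):
      # A-record lookup of <domain>.<zone>; an answer (127.0.0.x) means
      # the domain is listed, NXDOMAIN means it is not.
      try:
          socket.gethostbyname(reduced_domain + "." + SURBL_ZONE)
          return True
      except socket.gaierror:
          return False

  # If the data lists "spammer.nom.fr" but the client reduces the URI
  # host to "nom.fr", is_listed("nom.fr") can never find that entry.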
But we can say that whitelisting the known legitimate two-level ccTLDs will guarantee that they won't get into the data and therefore won't match in any SURBL queries. It's a partial solution, and it does help prevent most of the FPs that could result from matching those specific ccTLD zones, but it may not be the ultimate solution.
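As a sketch of what that whitelisting amounts to on the data side (the zone names below are just examples, not the actual whitelist), a reported domain that is itself a known two-level ccTLD registry gets dropped before it can ever be added:

  # Hypothetical whitelist of legitimate two-level ccTLD zones; listing
  # any one of these would FP on every site registered under it.
  CCTLD_WHITELIST = {"co.uk", "ac.uk", "nom.fr", "gouv.fr", "asso.fr", "ab.ca"}

  def accept_for_data(reported_domain):
      # Reject whole registry zones; individual registrations beneath
      # them (e.g. spammer.nom.fr) remain eligible for listing.
      return reported_domain.lower().rstrip(".") not in CCTLD_WHITELIST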
I'll also add a couple of points:
1. For SURBLs to be useful, preventing FPs is very important, probably more so than catching 100% of spam.
2. So far, :-) there is relatively little abuse of geographic domain names. By far the most abused geographic domain is .us. Spam URI domains in .com, .biz, etc. are several orders of magnitude more numerous than any geographic ones. In that sense, catching those is a higher priority, and we are, canonically if imperfectly, meeting that now.
Jeff C.