On Wednesday, July 14, 2004, 1:17:39 PM, Ryan Thompson wrote:
Patrik Nilsson wrote to SURBL Discussion list:
8m.com seem to be used for sub-domain delegation.
While some of those subdomains might be used in spam, not all are, so maybe 8m.com should be white-listed and just the subdomains be listed?
It's currently listed in ds and ws.
Hmm. I'm sure this has been considered, so I'll phrase it as a question. :-) Why don't we just add some subdomain hosts like this to the list of TLDs (i.e., we treat 8m.com as a TLD)?
Yes we could do that, and it could be useful, and it may be a useful feature to keep in mind for future use. I like the idea that it could be part of a more flexible, generalized approach to TLDs and domain levels in general....
That way, this would be more or less automatic, and we would be able to drill down to any level in the hierarchy, as required. True, success might be limited by the potentially much quicker rate spammers can sign up for (and dispose of) these subdomains, especially on free hosting services... That way, we don't have to white list anybody, and legit sites aren't affected.
The worst mark against this that I could think of would simply be the rate at which spammers can potentially get ahold of these subdomains. (Especially on free hosting sites), which may or may not make it worth the effort to list subdomains.
That's a good point, but our main concept is that domains are either spammers' or mostly legitimate. If an entire domain is only ever used for spam, as certainly thousands set up by professional spammers are, then we can list those. If a domain is occasionally abused by spammers but it otherwise run by legitimate organizations that have and enforce policies against spam and spam site hosting, then we probably don't want to list those.
Subdomains are an interesting sub-case, but generally it will be the responsibility of the parent domain or subdomain hosting site to stop abuse of their own services. Even some of the spam-friendly hosting companies probably won't allow subdomains of their own main domains to be used by spammers as that would open them up to whole new levels of responsibility for the spam, which is probably why most of the professional spam sites are on custom domains (which we can easily and safely list).
(Similar arguments can be made for listing IP addresses, which we typically don't do. The potential for collateral damage, particularly for a shared hosting environment, is much greater when IP addresses are listed, for example.)
Jeff C.