Jeff said:
Note also the repeated DNS queries on the same domain are hopefully cached by the local resolver at least within the positive caching TTL. ...Perhaps this is an experiment you could try (to check the positive caching behavior) for us
Good point, Jeff. I'll check into this.
However, I still think my idea may be more efficient overall because some non-hits will be checked with each message sometimes before the "guilty" URI is found. If a spammer purposely adds a variety of non-spams, either through purposeful poisoning, or incidentally via other typical obfuscation or "mixing it up" techniques... then this could mean a large variety of URIs looked up which could have been avoided??
Or, is this scenario I describe far fetched and not representative of what would actually happen?
Rob McEwen