-----Original Message----- From: Daniel Quinlan [mailto:quinlan@pathname.com] Sent: Thursday, May 05, 2005 1:19 AM To: discuss@lists.surbl.org Cc: jeffc@surbl.org; dev@spamassassin.apache.org Subject: registrar boundary inconsistencies
I ran SURBL (well, a copy a few weeks old) through the split_domains() function in SpamAssassin to see which listings contained both a host+domain rather than just domain from the perspective of SpamAssassin. Those listings would be missed by the URIBL module.
These are reversed for easier reading, but basically, it works like this:
if this is listed:
com.50megs.brisisbri com.50megs.cddvdmp3 com.50megs.slashbackman
were these then in SURBL:
brisisbri.50megs.com cddvdmp3.50megs.com slashbackman.50megs.com
However, the URIDNSBL plugin would catch none of those unless 50megs.com was listed (it's not) since 50megs.com is the domain as far as SpamAssassin is concerned. However, it would catch them if 50megs.com was in SURBL in addition or instead of those hostname.domain combinations.
Here is the data. We (SURBL or SpamAssassin) need to do one of these actions for each of these listings and SURBL probably has more to say about it (initially, at least) since it's your database.
- change the domain code in SA to consider the domain a registry like eu.org or demon.co.uk (let us know and we'll change our
code as long as it makes sense ;-). This means we don't expect blacklist the entire "registry".
SURBL (or your data provider) blacklists the entire domain
remove the hostname.domain listings ... why bother if nothing's going to hit them
Daniel
I vote for changing the domain code to recognise these domains. Blacklisting the entire domain can have too many problems. Removing the whole thing would let spammers game these domains.
I imagine that SA would need updating a lot for more domains like this. Each release. Unless of course there was some data cf file that we could just update at SARE? SImply a list of these type of domains, so they aren't hard coded?
anyway, I hope you devs are having a great Cinco De Mayo!!
--Chris