On Friday, May 12, 2006, 11:16:40 AM, Brandon Hutchinson wrote:
SpamAssasisn may check more than the specified levels. For example, it may check at levels two and three on GTLDs, or at least it did at one point.
Looking at some of the SA 3.1.1 debug output, SA's URIDNSBL will query only at level 3 for domains with a country code (e.g. .co.uk), and level 2 for other GTLDs (.com).
Examples:
[5180] dbg: uri: parsed uri found, http://www.hydeparkcalling.co.uk/ [5180] dbg: uri: parsed domain, hydeparkcalling.co.uk [5180] dbg: uridnsbl: domains to query: hydeparkcalling.co.uk
[6977] dbg: uri: parsed uri found, http://www.manage-performance.com [6977] dbg: uri: parsed domain, manage-performance.com [6977] dbg: uridnsbl: domains to query: manage-performance.com
So unless my understanding of SA's URIDNSBL is mistaken, and it certainly could be, we'll never catch any of the subdomains in SURBL.
Yes, it's possible SA is coded exactly to spec now, and some of these non-spec data won't get caught with SA.
No big deal; someone probably is using some implementation of URI checking with SURBL that does.
Yes, it's possible.
Jeff C. -- Don't harm innocent bystanders.