On Monday, November 1, 2004, 2:12:26 PM, Justin Mason wrote:
Fred writes:
Jeff Chan wrote:
It may be worth pointing out that uridnsbl does not look up the IP address of the URI against RBLs, but the IP address of the URI domain's *name server*. It's not the same thing as checking the web server against an RBL, but looking up name servers is quite effective if the RBL contains some addresses of spammer name servers, as sbl.spamhaus.org definitely does.
I just have to say THANK YOU BILL! I sat down today to accomplish exactly this. I thought I had an original idea, but it looks like you beat me to it. I posted in Bugzilla a few days ago to the SA devs that we need this functionality.
FWIW I'm not sure that Fred was the author of the SpamAssassin uridnsbl code, but it was certainly useful of him to point out some uses of it with data sources other than spamhaus.
I just wanted to query the website's NS server to see if it's listed in SBL-XBL because 9 times out of 10 when I go to report a domain to WS, it's almost always listed in SBL-XBL.
How hard would it be to query the A record for the domain as well?
hi guys --
the difficulty with the latter is that it's trivial to avoid. a spammer can do
<a href=http://49583495849skjldkjfsdio7345809.domain.com/>spam!</a>
and just ensure that "49583495849skjldkjfsdio7345809.domain.com" has an A record, and that "www.domain.com" and "domain.com" do not, and their spam gets past.
Which falls out of needing to reduce domains to some base form, such as the registrar domain.
One *could* resolve the wild FQDN as found in the spam, but that resolution can be used by the spammer to confirm the delivery of specific messages, for example if 49583495849skjldkjfsdio7345809 in the domain name meant the message was sent to joe@user.com, and there are some other pitfalls.
However no domain can avoid having an NS record for "domain.com".
Yes, every (registrar) domain must have an NS record, and resolving that is much safer than the A record of the URI domain.
However, as Daniel Quinlan pointed out to me, all this name resolution is very time consuming. (I'm working on getting our DNS queries that match NS records in spamhaus into SURBL form per his suggestion, in order to avoid even that resolution.)
Jeff C. -- "If it appears in hams, then don't list it."
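
The name-server check discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's own code: the URI host is reduced to its registrar-level domain, that domain's NS hosts are resolved, and each NS address is looked up in the list zone, so the per-recipient label is never sent to DNS. The `resolve` callback, the two-entry suffix list, and the sample DNS data are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: tiny constructed suffix list; real use needs a full public-suffix list.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au"}

def base_domain(host):
    """Reduce any FQDN to its registrar-level domain (drops random labels)."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])

def dnsbl_name(ip, zone):
    """DNSBL convention: reversed IPv4 octets prepended to the list zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def check_uri(uri, resolve, zone="sbl.spamhaus.org"):
    """Return the base domain, listed (ns, ip) pairs, and every name queried.

    resolve(name, rtype) -> list[str] is a hypothetical injected resolver.
    """
    host = urlsplit(uri).hostname
    if not host:
        return None
    queried = []
    def lookup(name, rtype):
        queried.append(name)
        return resolve(name, rtype)
    domain = base_domain(host)
    hits = [(ns.rstrip("."), ip)
            for ns in lookup(domain, "NS")
            for ip in lookup(ns.rstrip("."), "A")
            if lookup(dnsbl_name(ip, zone), "A")]  # any A answer means listed
    return {"domain": domain, "hits": hits, "queried": queried}

# Constructed sample data (documentation addresses, not real listings).
SAMPLE_DNS = {
    ("domain.com", "NS"): ["ns1.badns.example"],
    ("ns1.badns.example", "A"): ["192.0.2.53"],
    ("53.2.0.192.sbl.spamhaus.org", "A"): ["127.0.0.2"],
}

def sample_resolve(name, rtype):
    return SAMPLE_DNS.get((name, rtype), [])

if __name__ == "__main__":
    print(check_uri("http://49583495849skjldkjfsdio7345809.domain.com/", sample_resolve))
```

Each URI costs one NS query, one A query per name server, and one list query per address, which is the resolution overhead mentioned in the last message.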