At 13:57 2004-08-05 -0700, Jeff Chan wrote:
Wouldn't it be better if we could treat these kinds of third level redirectors similarly to the way we treat subdelegated country domains - checking the third level domain rather than the second?
Yes and no. It might be nice to be able to block only spammy third level domains at redirection sites, but that could also rapidly expand the size of our lists.
Extending what is done in RegistrarBoundaries.pm for URIDNSBL would probably be easier than doing something similar in SpamCopURI though.
It's all technically probably doable, but I'd expect the data to get too large.
I'm not following you here. Why would the data get *too* large? If the added data consists of spammy third level domains, wouldn't it be just as valuable as spammy second level domains? Listing spammythirdlevel.secondlevel.com wouldn't mean much more data than listing spammysecondlevel.com would it?
The actual list of second level domains used for third level redirection would be separate, and not likely to grow particularly large.
The best answer is to get the redirection sites to deny access to abusers, for example by using SURBLs as some have done:
While having redirection sites doing this is a nice thing, we can't count on or hope for them doing so, and even if they do, we will still end up with spammy third level domains on those servers, since the URI they redirect to might not be listed yet - or even ever. If the spammers only use redirecting URIs in their spam bodies, there is a good chance that their final redirected-to URI will not be reported and listed for quite some time.
Suppose I'm Spammy, and I know how SURBL works currently.
I set up a site on the URI http://spammyssite.spammysfreshdomain.com/. I then set up a few redirects on different redirection sites, preferably ones that I know are actually whitelisted in SURBL. For example spammy.rg3.net. As spammysfreshdomain.com has not been used in any spam, the redirect sites that check SURBL before allowing additions will not find anything. I then use only those redirects in URIs in my spam, never spammysfreshdomain.com.
For spammysfreshdomain.com to end up on SURBL in this set-up, quite a bit of manual checking would be required.
Or am I missing something?
BTW - this is not only a problem with third-level-redirectors, but also with webhosting companies such as 150m.com, that delegate third level domains to their hosting customers.
Also - this is a type of spam URI where SURBL could offer a solution but where checking DNS servers in SBL can not.
Patrik
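
The lookup proposed in this thread, sketched as an added example that is not part of the original message and is not SpamAssassin or SpamCopURI code: a URI's host is reduced to its registrar-level domain, except that hosts under a separate list of redirector or hosting domains are keyed one label deeper. The function name and both lists are assumptions; rg3.net and 150m.com are taken from the message, the other entries are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data; real lists would be much longer.
TWO_LEVEL_TLDS = {"co.uk", "com.au"}          # subdelegated country domains
THIRD_LEVEL_HOSTS = {"rg3.net", "150m.com"}   # redirector / hosting domains from the thread


def lookup_key(uri):
    """Return the domain a URI blocklist query would use, or None."""
    host = (urlsplit(uri).hostname or "").rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return host                    # IP literals are looked up as-is
    except ValueError:
        pass

    labels = [p for p in host.split(".") if p]
    # Registrar boundary: three labels under a subdelegated country
    # domain (example.co.uk), otherwise two (example.com).
    n = 3 if ".".join(labels[-2:]) in TWO_LEVEL_TLDS else 2
    if len(labels) < n:
        return None                    # bare TLD or empty host

    base = ".".join(labels[-n:])
    # For listed redirector/hosting domains, key on one more label so
    # only the abusive customer name is listed, not the whole service.
    if base in THIRD_LEVEL_HOSTS and len(labels) > n:
        return ".".join(labels[-(n + 1):])
    return base


if __name__ == "__main__":
    for sample in (
        "http://spammy.rg3.net/",                      # from the message
        "http://spammyssite.spammysfreshdomain.com/",  # from the message
        "http://www.example.co.uk/page",               # constructed
    ):
        print(sample, "->", lookup_key(sample))
```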