Hi Jeff,
I believe SpamAssassin's URIDNSBL reduces the URIs to the base domain (e.g. example.com, example.co.uk), so if it encountered "www.freecat.biz", for example, it would look up freecat.biz, which is not in the list.
That's correct. It may check other levels too, but the spec says to check GTLDs at the second level and CCTLDs in the table at the third. There may be other outlying cases in terms of the number of levels that should be checked, but two and three levels of GTLDs and CCTLDs certainly covers most of the common spams.
Besides URIDNSBL, are there other URI lookup implementations for which it makes sense to include subdomains?
Not sure I understand the question. Can you elaborate?
Since I don't think including subdomains in SURBL zone data does any good with SpamAssassin's URIDNSBL implementation, I was just wondering what else people are using to look up URIs in SURBL. Other sendmail milters that do not use URIDNSBL? Custom MIMEDefang code?
I don't have any problem with subdomains being included in the list. I'm just wondering "Who is benefiting from having subdomains in the list?"
Using the "www.freecat.biz" example: assuming this is a phishing domain, would also including "freecat.biz" in SURBL be a bad idea? Are there cases where we should "trust" the base domain even when a subdomain is used in a phishing email?
Thanks,
Brandon
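
The reduction discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin's code: a client that reduces each hostname to its base domain before the lookup never matches a list entry that is itself a subdomain. The function names, the short ccTLD table and the zone contents are constructed for illustration.

```python
# Constructed sample of two-level ccTLD suffixes (assumption); a real
# client would load the full table its implementation ships with.
TWO_LEVEL_CCTLDS = {"co.uk", "org.uk", "com.au", "co.jp", "com.br"}

# Constructed zone data: one base domain and two subdomain entries.
ZONE = {"example.com", "www.freecat.biz", "shop.example.co.uk"}


def base_domain(host):
    """Reduce a URI hostname to the name a reducing client would query.

    Two labels are kept for gTLDs, three when the last two labels are in
    the ccTLD table. Returns None when there is nothing to query.
    """
    labels = host.strip().lower().rstrip(".").split(".")
    if len(labels) < 2 or any(not label for label in labels):
        return None
    if all(label.isdigit() for label in labels):
        return None  # IP literal; out of scope for this example
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_CCTLDS else 2
    if len(labels) < keep:
        return None  # the hostname is only a public suffix, e.g. "co.uk"
    return ".".join(labels[-keep:])


def lookup(host, zone_entries):
    """Return (queried_name, listed) as a reducing client would see it."""
    name = base_domain(host)
    return name, name is not None and name in zone_entries


def unreachable_entries(zone_entries):
    """List entries that are not base domains, so reduction never hits them."""
    return sorted(e for e in zone_entries if base_domain(e) != e)


if __name__ == "__main__":
    for host in ("www.freecat.biz", "mail.example.com", "a.shop.example.co.uk"):
        print(host, "->", lookup(host, ZONE))
    print("never matched after reduction:", unreachable_entries(ZONE))
```
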