On Friday, September 10, 2004, 7:43:51 AM, Chris Santerre wrote:
-----Original Message----- From: Frank Ellermann [mailto:nobody@xyzzy.claranet.de] Sent: Thursday, September 09, 2004 10:01 PM To: discuss@lists.surbl.org Subject: Re: [SURBL-Discuss] Whitelist Please
Jeff Chan wrote:
Chris and Ryan and Raymond, don't even think about proposing a subdomain list. LOL! ;-)
What's the problem with this idea ? It would be only one level above the real host, so for say claranet.de you would have to consider www.claranet.de and xyzzy.claranet.de, but you would ignore www.xyzzy.claranet.de or more.levels.xyzzy.claranet.de
Then if I start to spamvertize my site you catch me without hitting any other user.claranet.de (let alone www.claranet.de)
Assuming that my ISP doesn't neeed weeks to cancel my account after I started to spam the xyzzy entry will expire soon.
Yes, we've thought about this and decided to go with the base domain for several reasons.
1. Spammers use randomized subdomains on many levels above the third or fourth. It would be impossible and also meaningless in many cases to try to capture all of those levels, given the common randomization.
2. Some of the randomized subdomains are unique to a particular spam or batch of spams, therefore logging each unique one both notifies the spammer that their spam got through (thus confirming the recipient address for them) and means that we don't necessarily catch their registered domain.
3. It doesn't focus on what we're trying to go after: the many freshly registered "disposable" spam domains.
4. If a hosting company is legitimate, they will kick out any spammers using subdomains under their parent domain. If they don't then we can begin to consider the hosting company spam-friendly. Most hosting companies do not tolerate subdomain spammers, and that is reflected in the lack of spams we see with subdomains of legitimate domains.
Hopefully some of those will seem at least somewhat reasonable.
It's about time ICANN cracked down on rogue registrars.
I'll believe it when I see it. These registrars pay ICANN's budget, don't they ?
Eventually the registrars should be held accountable for hosting spammer domains. It's good to at least see some movement in that direction.
There will always be disagreement about that optimization point. That is natural. (It's also a PITA.)
Sometimes your criteria appear to be a bit obscure for me. Of course some people may love a "joke of the day" mail - that's okay, if they like it they won't report it as spam.
But others don't like any unsolicited jokes, and they would report it as spam. In that case the joke-of-the-day site _is_ spamming, and it's okay to list them. Even if they also have some real fans with a "legit" interest in their joke of the day. In that case you can't avoid a collateral damage, whatever you do. Bye, Frank
Yes, collateral damage is easily avoided. Don't list them.
Should we ***block everyone else's use*** of the Joke of the day domain? I don't think so.
hmmm.... can't we treat these like we treat com.ar tld? or co.uk? Like Frank said, just checking the subdomain one more level up for these guys. I don't see the harm in that. Or am I missing something again?
I think what Jeff meant was another SURBL list entirely ;) No, I think we have enough as well.
--Chris
See above. There are specific and good reasons why we did not list subdomains of registered domains. No solution is perfect but this one seems to fit the data the best. We actually debated this already, very early in the design process.
Jeff C.