On Friday, May 12, 2006, 9:31:57 AM, Brandon Hutchinson wrote:
Since I don't think including subdomains in SURBL zone data does any good with SpamAssassin's URIDNSBL implementation, I was just wondering what else people are using to look up URIs in SURBL. Other sendmail milters that do not use URIDNSBL? Custom MIMEDefang code?
SpamAssassin may check more than the specified levels. For example, it may check at levels two and three on GTLDs, or at least it did at one point.
I don't have any problem with subdomains being included in the list. I'm just wondering "Who is benefiting from having subdomains in the list?"
Using the "www.freecat.biz" example: assuming this is a phishing domain, would also including "freecat.biz" in SURBL be a bad idea? Are there cases where we should "trust" the base domain even when a subdomain is used in a phishing email?
If a subdomain is listed, the subdomain should be checked. It's not necessarily safe to check the base domain when a subdomain is listed. For example, if phishing.freehost.com is blacklisted, checking freehost.com is probably not a good idea. I do realize this is somewhat off spec.
Jeff C. -- Don't harm innocent bystanders.
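
The level question discussed in this exchange, as an added example that is not part of the original message or of SpamAssassin's code: an offline model of which names a client tests when it checks level two only versus levels two and three. The zone name `multi.surbl.org`, the `LISTED` set and the function names are assumptions made for illustration, and no DNS queries are made.

```python
# Added example: offline model of URI blocklist lookups at different label depths.
# The listings below are constructed from the hostnames used in the thread.

ZONE = "multi.surbl.org"  # assumed query zone; substitute the list you use

# Constructed sample zone data: two subdomain-level listings.
LISTED = {"www.freecat.biz", "phishing.freehost.com"}


def candidates(host, levels=(2, 3)):
    """Return the names a client would test, most specific first.

    Level 2 of www.freecat.biz is freecat.biz; level 3 is www.freecat.biz.
    Levels deeper than the hostname itself are skipped.
    """
    labels = host.lower().rstrip(".").split(".")
    names = []
    for n in sorted(levels, reverse=True):
        if n <= len(labels):
            name = ".".join(labels[-n:])
            if name not in names:
                names.append(name)
    return names


def query_names(host, levels=(2, 3)):
    """DNS names that would be looked up in ZONE for this host."""
    return [f"{c}.{ZONE}" for c in candidates(host, levels)]


def lookup(host, levels=(2, 3), listed=LISTED):
    """Return the listed entry that matches the host, or None."""
    for name in candidates(host, levels):
        if name in listed:
            return name
    return None


if __name__ == "__main__":
    for host in ("www.freecat.biz", "phishing.freehost.com", "blog.freehost.com"):
        print(f"{host}: level 2 only -> {lookup(host, levels=(2,))}, "
              f"levels 2+3 -> {lookup(host, levels=(2, 3))}")
```

A client that tests only level two never sees the subdomain listings, while listing the base domain `freehost.com` instead would also match unrelated hosts such as `blog.freehost.com`.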