On Monday, March 14, 2005, 8:00:58 PM, George Georgalis wrote:
> but today, a spam came through with a low score, it had a domain in the form something.com.au but might as well have been notrandom.co.uk or similar.
> In these cases it would seem reasonable to check the 3rd level name in surbl.
> I don't know exactly how SA (which is what I use) modules send the query but it occurs to me that if "co.uk" is sent to surbl, the response might should be a code ip for "give me another level" which would be cached locally and a subsequent "site.co.uk" surbl query sent, which would be evaluated like 2nd level domains normally are.
> Is this something that could or has been worked in?
> // George
Yep, we thought of that. :-)
http://www.surbl.org/faq.html#cctlds
http://www.surbl.org/implementation.html
Cctld domains are processed at either 2 or 3 levels depending on whether registrars for that country allow second or third level registrations or some combination of those levels. The easiest way to do this seemed to be a table lookup, so applications using SURBLs and the SURBL data engine have a list of reserved second level cctlds that will get checked at the third level:
http://spamcheck.freeapp.net/two-level-tlds
Since the two level cctld list has "co.uk", it means that any domain ending in .co.uk is checked at the third level foo.co.uk. But any second level cctld that's not in the list will be checked at the second level. IIRC .uk doesn't allow direct registrations under their top level, but if they did, this table lookup would still work as long as that second level wasn't listed. So if they changed their policy and allowed foo.uk, foo.uk would still get checked and could be listed. Therefore this also works with countries that do allow second level registrations like .fr. "com.fr" is in the list but "somedomain.fr" isn't, so otherdomain.com.fr and somedomain.fr would both get checked and either or both could be blacklisted.
It's possible that we should have a more generalized way to handle cctlds, but so far spammers have not seemed to use geographic domains very often, other than .us.
Jeff C.
--
"If it appears in hams, then don't list it."
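
The table lookup described in the reply above, as an added example that is not part of the original thread and is not SURBL's or SpamAssassin's code. The function names, the three-entry table subset and the default zone name are assumptions made for illustration; a real client loads the full two-level-tlds list.

```python
# Constructed subset of the two-level ccTLD table. "co.uk" and "com.fr" are
# named in the reply; "com.au" is assumed here to cover the quoted example.
TWO_LEVEL_TLDS = {"co.uk", "com.fr", "com.au"}


def domain_to_check(host, two_level=TWO_LEVEL_TLDS):
    """Reduce a hostname taken from a message URI to the name to look up.

    Returns None when no registrable name is left: a bare TLD, a bare
    reserved second level such as "co.uk", an empty label, or an IPv4
    literal (IP literals need separate handling, not shown here).
    """
    labels = host.strip().rstrip(".").lower().split(".")
    if len(labels) < 2 or any(not label for label in labels):
        return None
    if all(label.isdigit() for label in labels):
        return None
    # If the last two labels are a reserved second level, the registrant's
    # name is the third label from the right, so keep three labels.
    # Anything else is checked at the second level, so keep two.
    keep = 3 if ".".join(labels[-2:]) in two_level else 2
    if len(labels) < keep:
        return None
    return ".".join(labels[-keep:])


def query_name(host, zone="multi.surbl.org"):
    """Build the DNS name to query; the zone default is an assumption."""
    domain = domain_to_check(host)
    return f"{domain}.{zone}" if domain else None


if __name__ == "__main__":
    # Constructed sample hosts, following the cases discussed in the thread.
    for h in ("www.notrandom.co.uk", "something.com.au", "somedomain.fr",
              "www.otherdomain.com.fr", "foo.uk", "co.uk"):
        print(f"{h:26} -> {query_name(h)}")
```

Because a name that is absent from the table falls through to the two-label case, a hypothetical direct registration such as foo.uk is still checked, which is the behaviour the reply describes.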