Raymond Dijkxhoorn writes:
- Spammers can set up multiple IP addresses to an A record. Whatever does the reporting should check all A records, from the top down. i.e. query each NS multiple times to make sure it's not being round-robined or reported differently from multiple DNS servers.
- I can easily foresee spammers doing a wildcard subdomain as an effort to thwart this, if we're doing nslookups.
They already do. This also opens a list-washing hole, as a hidden link to <a href=http://myaddress-rot13-encoded.spammer.com/> will be resolved, indicating to the spammer that some software at the remote end is resolving all links in the message.
SURBL only takes the domain, so that's fine, it's only a little freaky for your nameserver, but then again, SA does rely on DNS a lot, so that's no news :)
Yeah. I was referring to the proposal to lookup IP addresses for href hostnames directly (instead of looking up the NS'es.)
--j.
If OTOH you choose not to use the exact hostname parts of hrefs to avoid this, instead just resolving "www.spammer.com", they can then ensure that spammer.com and www.spammer.com do not resolve to hostnames and spam using links to notwww.spammer.com/payload.html instead.
Very true.
Bye, Raymond.
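
The domain-only lookup discussed in this thread, as an added example that is not part of the original messages and is not SpamAssassin or SURBL code: it reduces every href hostname to its registered domain before building the blocklist query name, so per-recipient labels such as `myaddress-rot13-encoded` never reach DNS. The function names, the tiny two-level suffix set and the sample body are constructed for illustration; the zone is a parameter, and nothing here sends a DNS query.

```python
import re
from urllib.parse import urlsplit

# Constructed, deliberately tiny set of two-level suffixes (assumption);
# a real deployment would load a full two-level-TLD / public-suffix list.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}

# Matches quoted and unquoted href values, as in the thread's example link.
HREF_RE = re.compile(r'href\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def registered_domain(host):
    """Reduce a hostname to its registered domain; None for IPs or bare labels."""
    host = host.lower().rstrip(".")
    if not host or IPV4_RE.match(host):
        return None
    labels = host.split(".")
    if len(labels) < 2:
        return None
    # Keep one extra label when the last two form a known two-level suffix.
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def blocklist_queries(body, zone="multi.surbl.org"):
    """Return the sorted, de-duplicated DNS names to look up for body's links."""
    names = set()
    for url in HREF_RE.findall(body):
        host = urlsplit(url).hostname
        domain = registered_domain(host or "")
        if domain:
            # Only the registered domain is queried, never the full hostname.
            names.add(f"{domain}.{zone}")
    return sorted(names)


# Constructed sample body using the hostnames mentioned in the thread.
SAMPLE_BODY = """
<a href=http://myaddress-rot13-encoded.spammer.com/>.</a>
<a href="http://notwww.spammer.com/payload.html">offer</a>
<a href='http://WWW.Spammer.com/'>home</a>
<a href="http://shop.example.co.uk/x">other</a>
"""

if __name__ == "__main__":
    for name in blocklist_queries(SAMPLE_BODY):
        print(name)
```

All three `spammer.com` hostnames collapse to a single query, and that query is answered by the blocklist zone rather than by the spammer's own nameservers.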