-----Original Message----- From: Matthew Wilson [mailto:matthew@boomer.com] Sent: Thursday, March 10, 2005 12:01 PM To: Jeff Chan; SURBL Discussion list Subject: [SURBL-Discuss] Spam Honeypot identification through SURBL

Jeff (and list),

I'm worried that spammers can use SURBL to identify honeypot email servers by using unique subdomains. A spammer must merely send a unique subdomain URL to every address on their list, and if that unique subdomain is blacklisted in SURBL, they have identified a potential honeypot and will no longer send spam to that address/server.

It is therefore my humble opinion that only the second-to-top domain name should be listed in SURBL, and not any of the subdomains.

Thoughts?

-Matthew Wilson

I make it a point to not list subdomains. Only the main domains get listed by me. If one got in, it was an oversight. When some submissions come in from certain projects, I will purposely delay their addition to SURBL, so that spammers can't time them with spam runs. But frankly the domains come from so many different sources, it doesn't matter much.

--Chris