I dont know if I have missed any discussion on this topic - but suppose the SPAMMER just loads up the body with random domains - that means lots of surbl calls. It seems too easy for spammers to foil this technique.
Anthony
Hi!
but suppose the SPAMMER just loads up the body with random domains - that means lots of surbl calls. It seems too easy for spammers to foil this technique.
They can also do that with adding headers on the mail envelope and so on. In the end they want people driven to their websites, so would not make sense i think. But surely, could be multiple hits. Thats why large servers are better off running local copy's of a RBL (any RBL).
Bye, Raymond.
On Tuesday, April 13, 2004, 3:18:02 PM, Anthony McCarthy wrote:
I dont know if I have missed any discussion on this topic - but suppose the SPAMMER just loads up the body with random domains - that means lots of surbl calls. It seems too easy for spammers to foil this technique.
SURBL calls are cheap. They're just name resolution lookups into your local name server cache. That's a big advantage of RBLs in general: the zone file and therefore database is cached locally.
Also SURBL has an advantage over other RBLs in that no recursive name resolution of the URI domain is needed. In other words bigspammer.com does not need to be resolved into its 10.10.10.10 IP address. We don't need to do that expensive kind of name resolution on a message body URI domain to compare it to a name in the SURBL; we're just comparing names to names, not names to numbers.
(Most other RBL usages that look at message body URIs must resolve their domains into IP addresses before they can be compared against a numeric RBL. That resolution imposes a timeout delay which slows down message processing significantly. Comparing name to name is very much faster.)
Jeff C.
-
Anthony McCarthy -
Jeff Chan -
Raymond Dijkxhoorn