[SURBL-Announce] DNS modification services can distort DNSBL results

SURBL Announcement list [READONLY] announce at lists.surbl.org
Fri Aug 21 09:47:28 CEST 2009


An increasing number of DNS services are being deployed to protect end
users against and to monetize typo, malware, phishing and spam sites
by redirecting web service to an alternate site. Generally they do
this by changing the IP address or NXDOMAIN responses to DNS queries.
Unfortunately these changes can adversely affect SURBL DNS responses
and create false positives or false negatives. One way to test for
this is to make sure that responses to SURBL DNS queries are in 127/8,
or more specifically 127.0.0.0/24. While this won't fully determine
correct results, it's still a recommended and good basic input
verification test. A good solution is to run a local caching
nameserver for DNS resolution, which can also improve performance.
More information can be found at:

http://www.surbl.org/faq.html#dnsproxy
http://www.surbl.org/implementation.html
http://www.surbl.org/public-dns.html


More information about the Announce mailing list