[SURBL-Discuss] multiple domains in spam body

Jeff Chan jeffc at surbl.org
Tue Apr 13 16:21:42 CEST 2004


On Tuesday, April 13, 2004, 3:18:02 PM, Anthony McCarthy wrote:
> I dont know if I have missed any discussion on this topic -
> but suppose the SPAMMER just loads up the body with random domains -
> that means lots of surbl calls.  It seems too easy for spammers to
> foil this technique.

SURBL calls are cheap.  They're just name resolution lookups into
your local name server cache.  That's a big advantage of RBLs in
general: the zone file and therefore database is cached locally.

Also SURBL has an advantage over other RBLs in that no recursive
name resolution of the URI domain is needed.  In other words
bigspammer.com does not need to be resolved into its 10.10.10.10
IP address.  We don't need to do that expensive kind of name
resolution on a message body URI domain to compare it to a name
in the SURBL; we're just comparing names to names, not names
to numbers.

(Most other RBL usages that look at message body URIs must
resolve their domains into IP addresses before they can
be compared against a numeric RBL.  That resolution imposes
a timeout delay which slows down message processing significantly.
Comparing name to name is very much faster.)

Jeff C.



More information about the Discuss mailing list