RFC: Removing example.com as a testpoint (Was: Re:
[SURBL-Discuss] Re: No install Problems with 0.10)
simon at igrin.co.nz
Tue Apr 20 13:09:44 CEST 2004
At 11:54 20/04/2004, Jeff Chan wrote:
>On Sunday, April 18, 2004, 3:23:20 PM, Jeff Chan wrote:
> > On Wednesday, April 14, 2004, 2:30:40 PM, Jeff Chan wrote:
> >> On Wednesday, April 14, 2004, 1:27:01 PM, Justin Mason wrote:
> >>> Ah -- I've just realised, that will be a pretty big problem ;)
> >>> Jeff, can we change that to another domain? example.com is widely
> used for
> >>> the purpose it's intended for, an "example domain" to use in example
> >>> example email addrs, example whatever. Adding it to SURBL as the test
> >>> domain means that it now gets another, unpleasant meaning -- a good way
> >>> to get your mail into the spam folder. I don't think that'll be
> >>> a good side-effect. :(
> >>> Something more like the GTUBE ( http://SpamAssassin.org/gtube/ ) -- ie
> >>> a domain that doesn't already exist and is not going to crop up for other
> >>> reasons. Something like http://surbl-org-permanent-test-point.com/ ?
> >> Hi Justin,
> >> Good point. We added example.com by request, and we've just had
> >> another request for example.tld. [...]
> >> HOWEVER, *other RBLs* are not used to block on message bodies and
> >> example.com is unlikely to be used as a sender domain. But it
> >> could appear in a message body URI as someone's example.
> > Does anyone have any other comments on the issue of removing
> > example.com or changing it to something really obscure like
> > the http://surbl-org-permanent-test-point.com/ which Justin
> > suggested above. If I don't hear any other feedback I'll go
> > ahead and make that change Monday and announce it.
> > This change will require people to update any test suites that
> > are expecting example.com to be in the SURBL lists.
>Are there any more comments on removing example.com from the
>Otherwise I will probably change "example.com" to
>"surbl-org-permanent-test-point.com", and document and announce
>Please let me know if you have any objections or other comments.
Sounds fine to me....(since no one else is commenting :)
The whole idea of surbl relies on the fact that there is no legitimate way
that a spam url would be found in a genuine message. This isn't too hard
considering how obscure and obfuscated most spammer domain names
are...they're not the kind of thing that you'd write by accident in casual
However something obvious like example.com is something that can (and is)
written in non-spam messages sometimes...so definately needs to go...
More information about the Discuss