[SURBL-Discuss] RFC: SURBL software implemetation guidelines

Jeff Chan jeffc at surbl.org
Wed Apr 21 01:54:34 CEST 2004


On Wednesday, April 21, 2004, 12:02:26 AM, Jose Cruz wrote:
> Simon Byrnand wrote:

>> With the current approach individual randomized (or not) subdomains aren't
>> being seperately listed anyway, they are stripped down and collated into
>> their registrar level domain names before going into the zone files..
>> (Right Jeff ?)

> No. You need to have both records. The first will match only the domain 
> itself : "spammer.com" and the second will match everything other. The 
> wildcard doesn't match the domain itself. So the number of records is 
> the double - but maybe I'm wrong.

> It seems to me that wildcards is what spammers use to get hostname 
> randomness.

We're discarding the randomness on the client end by stripping
off all the subdomains and host names, random or not.

Or at least that's what any code using SRUBLs *should be doing*,
because that's what's represented in the list data: base domains.
 We want to compare base domains extracted from the messages
against the base domains in the SURBLs.  One source of confusion
is that sc.surbl.org data includes some of the more common
randomized subdomains; future versions of the data won't.  Only
base domains will be included in future versions of sc.surbl.org,
so only base domains should be compared by the client program
from now on. 

It also happens that this makes for more streamlined use of DNS
for the RBL.

Jeff C.



More information about the Discuss mailing list