[SURBL-Discuss] Re: second and third level domains - again!

John Fawcett johnml at michaweb.net
Wed Apr 28 08:37:22 CEST 2004

----- Original Message ----- 
From: "Jeff Chan" 
> On Tuesday, April 27, 2004, 1:47:41 PM, John Fawcett wrote:
> > Jeff Chan wrote on Mon Apr 26 03:58:58 CEST 2004 
> > I think that some of the ccTLDs have a mixed assignment
> > strategy. This means that they should sometimes be
> > checked at the 2nd level sometime at the 3rd level. 
> > The current logic always checks at a single predefined level.
> Not quite; it's table-driven at least on the data side.
> If co.uk is in the ccTLD table then the third level is
> checked, i.e. spammerdomain.co.uk.  Since secondlevelspamdomain.uk
> is *not* in the table it would get checked at the third level...
> *and caught*.  :-)

As far as I could see the table in SpamCopUri contains only the 
.uk not co.uk. so this means that all .uk domains are being handled 
in the same way i.e. checked on the third level. 

> Eric or Justin, what is the Perl or SA module currently
> being used on the client side to handle ccTLDs again please?
> I should probably look into using it on the data side too.
> > The two example I saw were: .fr and .ca
> > Currently we check .ca at the third level, but it is possible
> > to register a second level domain at .ca which we never catch
> > so bigspammer.ca will get through.
> The signalling is not at the TLD.  It's at whatever level
> is in the table.  We don't list .ca, but we do list ab.ca.
> That means foobar.ab.ca gets checked at the third level
> and somenewspamdomain.ca gets checked at the second level.

Likewise, I saw .ca in the table not ab.ca, so just as for the
uk example everything is being checked at the third level by
the client, and so spammer.ca. will be missed.

> > We check .fr at the second level however there are 
> > many "standard" second level domains (like .nom.fr) which 
> > means we probably want to be checking these ones at the third 
> > level. (Translation: any bigspammer.nom.fr domain is imune to
> > the current strategy unless we want to upset everyone who has
> > a nom.fr domain by listing that).
> In this case there's a lack of data on the .fr ccTLDs.  If
> somemone could research that and get them to me I'll add them
> to our table.  (Ditto any other countries.  :-)  FWIW I just
> added nom.fr to:
> nom.fr
> tm.fr
> gouv.fr
> asso.fr
> nom.fr
> avocat.fr
> notaire.fr
> barreau.fr
> mairie.fr

I didn't spot any of these being used on the client. So if I am
reading things correctly we will never catch spammer.nom.fr etc.

Maybe if Eric is reading this, he can confirm whether this is
the case.


More information about the Discuss mailing list