[SURBL-Discuss] Re: second and third level domains - again!

Eric Kolve ekolve at comcast.net
Wed Apr 28 06:58:20 CEST 2004


On Wed, Apr 28, 2004 at 12:02:26AM -0700, Jeff Chan wrote:
> On Tuesday, April 27, 2004, 10:37:22 PM, John Fawcett wrote:
> > As far as I could see the table in SpamCopUri contains only the
> > .uk not co.uk. so this means that all .uk domains are being handled 
> > in the same way i.e. checked on the third level. 
> 
> > Likewise, I saw .ca in the table not ab.ca, so just as for the
> > uk example everything is being checked at the third level by
> > the client, and so spammer.ca. will be missed.
> 
> ...
> >> tm.fr
> >> gouv.fr
> >> asso.fr
> >> nom.fr
> >> avocat.fr
> ...
> 
> > I didn't spot any of these being used on the client. So if I am
> > reading things correctly we will never catch spammer.nom.fr etc.
> 
> > Maybe if Eric is reading this, he can confirm whether this is
> > the case.
> 
> Thanks for the research into how SpamCopURI is handling ccTLDs.
> 
> In case it wasn't clear, I was referring to the data side in my
> description of how the ccTLDs are handled.
> 
> For best performance, we probably want to make both the data and
> client sides behave similarly, whether it's by changing the data
> side to use the SA module handling ccTLDs, by getting zones with
> more than two levels out via a special zone or value in SURBLs,
> or some other way.

Agreed.  Currently, the way things are set up, we can only guarantee
that we catch *everything* we intend to catch if both the client
implement identical logic.  Ideally, only the server would implement
this so clients wouldn't have to adapt to any logic changes,
but the exception cases seem so rare (famous last words) so I am
not too worried about it.

--eric


> 
> But we can say that whitelisting of the known legitimate
> two-level ccTLDs will guarantee that they won't get into the data
> and therefore won't match in any SURBL queries.  It's a partial
> solution and does help prevent most FPs that might happen from
> matching the specific ccTLDs.  But it may not be the ultimate
> solution.
> 
> I'll also add a couple points:
> 
> 1.  For SURBLs to be useful preventing FPs is very important,
> probably more so than catching 100% of spam.
> 
> 2.  So far, :-) there is relatively little abuse of geographic
> domain names.  By far the most abused geographic domain is .us .
> Spam URI domains in .com, .biz, etc. are several orders of
> magnitude more numerous than any geographic ones.  In that sense
> catching those is a higher priority, and we are canonically if
> imperfectly meeting that now.
> 
> Jeff C.
> 
> _______________________________________________
> Discuss mailing list
> Discuss at lists.surbl.org
> http://lists.surbl.org/mailman/listinfo/discuss
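
The mismatch discussed in this thread, as an added Python example that is not part of the original message and is not SpamCopURI or SURBL code. Both tables are constructed for illustration, and the data-side rule (three levels only under a known two-level suffix) is an assumption.

```python
# Added illustration; both tables are constructed, not the real lists.
CLIENT_CCTLDS = {"uk", "ca"}  # client side: bare ccTLDs only, as described above
DATA_TWO_LEVEL = {"co.uk", "ab.ca", "nom.fr", "gouv.fr"}  # data side (assumed)


def _labels(host):
    # Normalise case and drop a trailing root dot before splitting.
    return host.lower().rstrip(".").split(".")


def client_key(host):
    """Client rule from the thread: any name under a listed ccTLD is
    checked at the third level, everything else at the second."""
    labels = _labels(host)
    depth = 3 if labels[-1] in CLIENT_CCTLDS else 2
    return ".".join(labels[-depth:])


def data_key(host):
    """Data-side rule (assumed): keep three levels only under a known
    two-level suffix, otherwise keep two."""
    labels = _labels(host)
    depth = 3 if ".".join(labels[-2:]) in DATA_TWO_LEVEL else 2
    return ".".join(labels[-depth:])


def mismatches(hosts):
    """Return (host, client_key, data_key) for every host where the name
    the client would query differs from the name the data would list."""
    return [(h, client_key(h), data_key(h))
            for h in hosts if client_key(h) != data_key(h)]


# Constructed sample hosts.
SAMPLE_HOSTS = [
    "www.spammer.co.uk",   # both sides reduce to spammer.co.uk
    "www.spammer.ca",      # client keeps three levels, data lists two
    "www.spammer.nom.fr",  # client reduces to nom.fr, data lists three
    "www.spammer.com",     # both sides reduce to spammer.com
]

if __name__ == "__main__":
    for host, queried, listed in mismatches(SAMPLE_HOSTS):
        print(f"{host}: client queries {queried!r}, data lists {listed!r}")
```
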

