[SURBL-Discuss] Nice URIDNSBL functionality

Justin Mason jm at jmason.org
Mon Nov 1 23:12:26 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Fred writes:
> Jeff Chan wrote:
> > It may be worth pointing out that uridnsbl does not look up the
> > IP address of the URI against RBLs, but the IP address of the
> > URI domain's *name server*.  It's not the same thing as checking
> > the web server against an RBL, but looking up name servers is
> > quite effective if the RBL contains some addresses of spammer
> > name servers, as sbl.spamhaus.org definitely does.
> 
> I just have to say THANK YOU BILL!  I sat down today to accomplish exactly
> this, I thought I had an original idea but it looks like you beat me to it.
> I posted in Bugzilla  few days ago to the SA devs that we need this
> functionality.
> 
> I just wanted to querry the websites NS server to see if it's listed in
> SBL-XBL because 9 times out of 10 when I go to report a domain to WS, it's
> almost always listed in SBL-XBL.
> 
> How hard would it be to querry the A record for the domain as well?

hi guys --

the difficulty with the latter is that it's trivial to avoid.  a
spammer can do

  <a href=http://49583495849skjldkjfsdio7345809.domain.com/>spam!</a>

and just ensure that "49583495849skjldkjfsdio7345809.domain.com" has an A
record, and that "www.domain.com" and "domain.com" do not, and their spam
gets past.

However no domain can avoid having an NS record for "domain.com".

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBhrTKMJF5cimLx9ARAgTKAKCHshKSWEEy8ePlIhW8uZ1w8dfILgCghKDk
rANKXcJbiZzXv9DQjn5RPzM=
=C3AO
-----END PGP SIGNATURE-----



More information about the Discuss mailing list