[SURBL-Discuss] Re: Start an IP list to block?

Ryan Thompson ryan at sasknow.com
Fri Sep 10 00:57:46 CEST 2004


[ Whew! CC trimmed :-) ]

Jeff Chan wrote to Justin Mason:

>> Yeah.  I was referring to the proposal to lookup IP addresses for
>> href hostnames directly (instead of looking up the NS'es.)
>
> Yep.  Resolving domain names found in spam URIs is slow

Aha. Key word = "domain names".

All the world's a host. Spammers are already using random subdomains in
their emails, and there is absolutely *no* guarantee whatsoever that
these subdomains resolve to the same IP(s) as the registrar domain (or
even as the rest of the subdomains). It's basic DNS, and, in this case,
it means we're basically screwed before we start. :-)

There *may* be some benefit to the idea, but I'm betting it would be
extremely short-term, because spammers would too easily thwart it by
pointing their TLD's A record to somewhere else.

Unless we started keeping more host information...but then we're
effectively DoSsed by the sheer number of subdomains in use. There are a
few ways I could think to greatly optimize that, but, so far, I don't
see a big win.

- Ryan

-- 
   Ryan Thompson <ryan at sasknow.com>

   SaskNow Technologies - http://www.sasknow.com
   901-1st Avenue North - Saskatoon, SK - S7K 1Y4

         Tel: 306-664-3600   Fax: 306-244-7037   Saskatoon
   Toll-Free: 877-727-5669     (877-SASKNOW)     North America
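
An added illustration of the point in the message above (not part of the original post, and not SURBL code): it compares listing registered domains against listing the IPs those domains resolve to, when URI hosts are random subdomains. The zone data, message bodies, and function names are constructed, and the registered domain is assumed to be the last two labels.

```python
import re
from urllib.parse import urlsplit

# Constructed DNS view (hostname -> A records), using RFC 5737 documentation addresses.
ZONE = {
    "pills.example": ["192.0.2.10"],
    "*.pills.example": ["198.51.100.7"],   # wildcard answers any random subdomain
    "k3x.loans.example": ["203.0.113.5"],
    "loans.example": ["203.0.113.5"],
}

def resolve(host):
    """Exact match first, then the closest enclosing wildcard."""
    if host in ZONE:
        return ZONE[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        wild = "*." + ".".join(labels[i:])
        if wild in ZONE:
            return ZONE[wild]
    return []

def registered_domain(host):
    """Assumption: last two labels (no two-level ccTLD handling)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def uri_hosts(body):
    return [urlsplit(u).hostname for u in re.findall(r"https?://[^\s\"'<>]+", body)]

def compare(bodies, listed_domains):
    # IP list built the way the thread proposes: A records of the listed domains.
    ip_list = {ip for d in listed_domains for ip in resolve(d)}
    result = {"domain_hits": 0, "ip_hits": 0, "lookups": 0, "missed_by_ip": []}
    for body in bodies:
        for host in uri_hosts(body):
            result["lookups"] += 1  # the IP approach costs one resolution per URI host
            if registered_domain(host) in listed_domains:
                result["domain_hits"] += 1
            if ip_list & set(resolve(host)):
                result["ip_hits"] += 1
            else:
                result["missed_by_ip"].append(host)
    return result

SAMPLE = [  # constructed message bodies
    "Buy now http://qz81ab.pills.example/offer",
    "Cheap! http://m2.n7.pills.example/ and http://pills.example/",
    "Rates: http://k3x.loans.example/apply",
]
LISTED = {"pills.example", "loans.example"}
```

On this sample the domain list matches every URI host, while the IP list misses the two hosts answered by the wildcard record.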

