[SURBL-Discuss] Whitelist Please

Jeff Chan jeffc at surbl.org
Sat Sep 11 02:57:03 CEST 2004

On Friday, September 10, 2004, 7:43:51 AM, Chris Santerre wrote:
>>-----Original Message-----
>>From: Frank Ellermann [mailto:nobody at xyzzy.claranet.de]
>>Sent: Thursday, September 09, 2004 10:01 PM
>>To: discuss at lists.surbl.org
>>Subject: Re: [SURBL-Discuss] Whitelist Please
>>Jeff Chan wrote:
>>> Chris and Ryan and Raymond, don't even think about proposing
>>> a subdomain list.  LOL!  ;-)
>>What's the problem with this idea ?  It would be only one level
>>above the real host, so for say claranet.de you would have to
>>consider www.claranet.de and xyzzy.claranet.de, but you would
>>ignore www.xyzzy.claranet.de or more.levels.xyzzy.claranet.de
>>Then if I start to spamvertize my site you catch me without
>>hitting any other user.claranet.de (let alone www.claranet.de)
>>Assuming that my ISP doesn't need weeks to cancel my account
>>after I started to spam the xyzzy entry will expire soon.

Yes, we've thought about this and decided to go with the
base domain for several reasons.

1.  Spammers use randomized subdomains on many levels above the
third or fourth.  It would be impossible and also meaningless in
many cases to try to capture all of those levels, given the
common randomization.

2.  Some of the randomized subdomains are unique to a particular
spam or batch of spams, therefore logging each unique one both
notifies the spammer that their spam got through (thus confirming
the recipient address for them) and means that we don't
necessarily catch their registered domain.

3.  It doesn't focus on what we're trying to go after: the many
freshly registered "disposable" spam domains.

4.  If a hosting company is legitimate, they will kick out any
spammers using subdomains under their parent domain.  If they
don't then we can begin to consider the hosting company
spam-friendly.  Most hosting companies do not tolerate subdomain
spammers, and that is reflected in the lack of spams we see with
subdomains of legitimate domains.

Hopefully some of those will seem at least somewhat reasonable.

>>> It's about time ICANN cracked down on rogue registrars.
>>I'll believe it when I see it.  These registrars pay ICANN's
>>budget, don't they ?

Eventually the registrars should be held accountable for hosting
spammer domains.  It's good to at least see some movement in
that direction.

>>> There will always be disagreement about that optimization 
>>> point.  That is natural.  (It's also a PITA.)
>>Sometimes your criteria appear to be a bit obscure for me.
>>Of course some people may love a "joke of the day" mail -
>>that's okay, if they like it they won't report it as spam.
>>But others don't like any unsolicited jokes, and they would
>>report it as spam.  In that case the joke-of-the-day site
>>_is_ spamming, and it's okay to list them.  Even if they
>>also have some real fans with a "legit" interest in their
>>joke of the day.  In that case you can't avoid a collateral
>>damage, whatever you do.
>>                          Bye, Frank

Yes, collateral damage is easily avoided.  Don't list them.

Should we ***block everyone else's use*** of the Joke of the day
domain?  I don't think so.

> hmmm.... can't we treat these like we treat com.ar tld? or co.uk? Like Frank
> said, just checking the subdomain one more level up for these guys. I don't
> see the harm in that. Or am I missing something again? 

> I think what Jeff meant was another SURBL list entirely ;) No, I think we
> have enough as well.

> --Chris

See above.  There are specific and good reasons why we did not
list subdomains of registered domains.  No solution is perfect
but this one seems to fit the data the best.  We actually debated
this already, very early in the design process.

Jeff C.
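
Added illustration, not part of the original message and not SURBL's own code: a sketch of the base-domain reduction the thread argues for, showing how randomized subdomains at any depth collapse to one listing key, and how two-level suffixes such as co.uk and com.ar keep one extra label. The function names, the tiny suffix set and the sample hostnames are assumptions constructed for this example.

```python
import ipaddress

# Constructed, deliberately tiny suffix set: only the two two-level
# suffixes named in this thread. A real deployment needs a maintained list.
TWO_LEVEL_TLDS = {"co.uk", "com.ar"}


def base_domain(host, two_level=TWO_LEVEL_TLDS):
    """Reduce a URI hostname to its registered (base) domain."""
    host = host.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return host  # IP literals have no registered domain to reduce to
    except ValueError:
        pass
    labels = host.split(".")
    if len(labels) < 2:
        return host
    # Keep three labels when the last two form a known two-level suffix,
    # otherwise keep two; every deeper label is discarded.
    keep = 3 if ".".join(labels[-2:]) in two_level else 2
    return ".".join(labels[-keep:])


def group_by_base(hosts):
    """Map each base domain to the set of hostnames that reduce to it."""
    groups = {}
    for h in hosts:
        groups.setdefault(base_domain(h), set()).add(h.lower())
    return groups


# Constructed sample hostnames (claranet.de names are the ones from the thread).
SAMPLE_HOSTS = [
    "x7f3a.q9.example.com",
    "k2.zz81.b.example.com",
    "www.example.com",
    "a1b2.example.co.uk",
    "r4nd.example.com.ar",
    "xyzzy.claranet.de",
    "more.levels.xyzzy.claranet.de",
    "www.claranet.de",
]

if __name__ == "__main__":
    for base, hosts in sorted(group_by_base(SAMPLE_HOSTS).items()):
        print(f"{base}: {len(hosts)} hostname(s) -> one list entry")
```

In this sketch xyzzy.claranet.de and www.claranet.de reduce to the same key, which is the trade-off discussed in the thread.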
