[SURBL-Discuss] More spams with Zdnet redirector

List Mail User track at Plectere.com
Thu Apr 7 17:04:26 CEST 2005


>...
>
>On Wednesday, April 6, 2005, 11:54:56 AM, Patrik Nilsson wrote:
>> At 01:26 2005-04-06 -0700, Jeff Chan wrote:
>>>Raymond, Paul and others, please LART them.
>>>
>>>We're not going to blacklist zdnet.
>
>> It's not zdnet, it's chkpt.zdnet.com.
>
>> Does chkpt.zdnet.com show up in ham?
>
>> http://groups-beta.google.com/groups?q=%22chkpt.zdnet.com%22&start=10&scoring=d
>
>> Are we still 100% opposed to trying to find a way to include sub-domains in 
>> surbls?
>
>> Patrik 
>
>It's possible to list subdomains, but this one chkpt.zdnet.com
>would still probably not be appropriate since it probably has
>legitimate uses.  Also subdomains may not be checked by SURBL
>applications.
>
>Jeff C.
>--
>"If it appears in hams, then don't list it."
>
>_______________________________________________
>Discuss mailing list
>Discuss at lists.surbl.org
>http://lists.surbl.org/mailman/listinfo/discuss
>
	It is actually worse than a subdomain.  If it were a simple "static"
name, maybe you could list the IP.  But it is a CNAME with a five minute TTL,
and it *does* seem to change regularly!

% dig chkpt.zdnet.com any @ns.cnet.com

; <<>> DiG 9.3.0 <<>> chkpt.zdnet.com any @ns.cnet.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18416
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;chkpt.zdnet.com.		IN	ANY

;; ANSWER SECTION:
chkpt.zdnet.com.	300	IN	CNAME	c10-dw-xw-lb.cnet.com.

;; AUTHORITY SECTION:
zdnet.com.		86400	IN	NS	ns.cnet.com.
zdnet.com.		86400	IN	NS	ns2.cnet.com.
zdnet.com.		86400	IN	NS	ns3.cnet.com.

;; ADDITIONAL SECTION:
ns.cnet.com.		86400	IN	A	216.239.126.10
ns2.cnet.com.		86400	IN	A	206.16.0.71
ns3.cnet.com.		86400	IN	A	216.239.120.69

;; Query time: 19 msec
;; SERVER: 216.239.126.10#53(ns.cnet.com)
;; WHEN: Thu Apr  7 07:58:20 2005
;; MSG SIZE  rcvd: 166

% dig c10-dw-xw-lb.cnet.com any @ns.cnet.com

; <<>> DiG 9.3.0 <<>> c10-dw-xw-lb.cnet.com any @ns.cnet.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46613
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;c10-dw-xw-lb.cnet.com.		IN	ANY

;; ANSWER SECTION:
c10-dw-xw-lb.cnet.com.	300	IN	A	216.239.115.143

;; AUTHORITY SECTION:
cnet.com.		86400	IN	NS	ns.cnet.com.
cnet.com.		86400	IN	NS	ns2.cnet.com.
cnet.com.		86400	IN	NS	ns3.cnet.com.

;; ADDITIONAL SECTION:
ns.cnet.com.		86400	IN	A	216.239.126.10
ns2.cnet.com.		86400	IN	A	206.16.0.71
ns3.cnet.com.		86400	IN	A	216.239.120.69

;; Query time: 20 msec
;; SERVER: 216.239.126.10#53(ns.cnet.com)
;; WHEN: Thu Apr  7 07:58:51 2005
;; MSG SIZE  rcvd: 156

	Yesterday (or the day before), it pointed at a different IP.
I still think the only effective LART is a short message, and forward
the problem email to the CNet editors (but maybe someone else can find
a person at CNet to listen - I can't).

	Meanwhile, If they don't do something soon - I promise when I own
cnet.com and zdnet.com, there will not be any redirectors:)

	Paul Shupak
	track at plectere.com


More information about the Discuss mailing list