[SURBL-Discuss] More spams with Zdnet redirector

Jeff Chan jeffc at surbl.org
Fri Apr 8 04:53:05 CEST 2005

On Thursday, April 7, 2005, 1:32:58 PM, Patrik Nilsson wrote:
> At 17:49 2005-04-06 -0700, Jeff Chan wrote:
>>It's possible to list subdomains, but this one chkpt.zdnet.com
>>would still probably not be appropriate since it probably has
>>legitimate uses.

> "probably"?.
> Is there any evidence of chkpt.zdnet.com actually appearing in ham?
> There is plenty of evidence of it appearing in spam, but I have not seen 
> any example of it appearing in ham.

zdnet would not have created the redirector just for spammers to
use.  That would not be reasonable.  Therefore they probably have
some legitimate uses for it.

>>Also subdomains may not be checked by SURBL applications.

> What I am actually asking is "Should we maybe change our current policy and 
> actively encourage that appplications and listings consider sub-domains of 
> certain domains in a similar way to how some country subdomains are already 
> treated, and if so, should this be something that is updated from an 
> on-line source".

> Patrik

It's something to consider, and SpamAssassin does actually check
gtlds at both second and third level domains.  But so far most
spams use domains that can be blocked at the second level.  In
other words, spammers register their own gtlds like spammer.com.
They don't tend to use third-level.legitimate.com.

chkpt.zdnet.com does not change this situation significantly.

Jeff C.
"If it appears in hams, then don't list it."

More information about the Discuss mailing list