[SURBL-Discuss] "surgically" blocking certain redirectors
Jeff Chan
jeffc at surbl.org
Wed Apr 27 02:10:27 CEST 2005
On Tuesday, April 26, 2005, 8:22:26 AM, Daryl O'Shea wrote:
> Rob McEwen wrote:
>> Jeff said:
>> "It is possible to blacklist nina.18.to but not 18.to if nina is owned by
>> spammers but 18 is not."
>>
>> Why not then add certain redirectors to the SURBL lists where the redirector
>> is deemed to NOT be found in hams? Specifically, I'm referring to situations
>> where we could list redirect.somedomain.com but NOT list somedomain.com
> That would require the calling applications to know to do a lookup on
> redirect.somedomain.com and not somedomain.com. SpamAssassin for one
> won't do that.
Actually I thought SpamAssassin did check two level domains like
foo.com on two and three levels. Not sure if it still does that
but I recall it doing that at oue point, i.e. both
redirect.somedomain.com *and* somedomain.com. were checked.
Pretty sure we saw that in the DNS traffic SA was generating,
or showing up in debug mode. But maybe the domain handling's
been updated to be more specific since then.
SA also checks all visible hosts (including redirected-to ones)
in a URI, including all of a redirector, so:
http://redirector.clubie.isp/blah/feh/http://spammer.com/
and similiar style URIs are checked by spamassassin for at least
clubie.isp and spammer.com. That's what I recall from the
original SA development of redirector handling.
> I'm trying to get user configurable redirector pattern matching into the
> SA code (bug 4176). I've got one ISP using it to identify domains being
> redirected to via the zdnet redirector with good results. Hopefully I
> can get it in 3.1.
> Daryl
Cool. Very glad to hear there's code to handle this other style
of redirector in the works! :-)
Jeff C.
--
"If it appears in hams, then don't list it."
More information about the Discuss
mailing list