3rd level domains Re: [SURBL-Discuss] Re: Spam Honeypot identification through SURBL

George Georgalis george at galis.org
Tue Mar 15 05:00:58 CET 2005


On Thu, Mar 10, 2005 at 05:08:09PM -0800, Jeff Chan wrote:
>On Thursday, March 10, 2005, 9:01:07 AM, Matthew Wilson wrote:
>> It is therefore my humble opinion that only the second-to-top domain
>> name should be listed in SURBL, and not any of the subdomains.
>
>Yes, we discard subdomains:
>
>  http://www.surbl.org/faq.html#random
>

randomized, key and/or user at ...  3rd level domains have been in use for
a while. so only 2nd level in surbl has always seemed reasonable to me.

but today, a spam came through with a low score, it had a domain in the
form something.com.au but might as well have been notrandom.co.uk or
similar.

In these cases it would seem reasonable to check the 3rd level name in
surbl.

I don't know exactly how SA (which is what I use) modules send the query
but it occurs to me that if "co.uk" is sent to surbl, the response
might should be a code ip for "give me another level" which would be
cached locally and a subsequent "site.co.uk" surbl query sent, which
would be evaluated like 2nd level domain normally are.

Is this something that could or has been worked in?

// George

-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george at galis.org


More information about the Discuss mailing list