[SURBL-Discuss] RE: registrar boundary inconsistencies

Chris Santerre csanterre at MerchantsOverseas.com
Thu May 5 16:20:32 CEST 2005



>-----Original Message-----
>From: Daniel Quinlan [mailto:quinlan at pathname.com]
>Sent: Thursday, May 05, 2005 1:19 AM
>To: discuss at lists.surbl.org
>Cc: jeffc at surbl.org; dev at spamassassin.apache.org
>Subject: registrar boundary inconsistencies
>
>
>I ran SURBL (well, a copy a few weeks old) through the split_domains()
>function in SpamAssassin to see which listings contained both a
>host+domain rather than just domain from the perspective of
>SpamAssassin.  Those listings would be missed by the URIBL module.
>
>These are reversed for easier reading, but basically, it works like this:
>
>if this is listed:
>
>  com.50megs.brisisbri
>  com.50megs.cddvdmp3
>  com.50megs.slashbackman
>
>were these then in SURBL:
>
>  brisisbri.50megs.com
>  cddvdmp3.50megs.com
>  slashbackman.50megs.com
>
>However, the URIDNSBL plugin would catch none of those unless 50megs.com
>was listed (it's not) since 50megs.com is the domain as far as
>SpamAssassin is concerned.  However, it would catch them if 50megs.com
>was in SURBL in addition or instead of those hostname.domain
>combinations.
>
>Here is the data.  We (SURBL or SpamAssassin) need to do one of these
>actions for each of these listings and SURBL probably has more to say
>about it (initially, at least) since it's your database.
>
>  - change the domain code in SA to consider the domain a registry like
>    eu.org or demon.co.uk (let us know and we'll change our code as long
>    as it makes sense ;-).  This means we don't expect to blacklist the
>    entire "registry".
> 
>  - SURBL (or your data provider) blacklists the entire domain
>
>  - remove the hostname.domain listings ... why bother if nothing's
>    going to hit them
>
>Daniel

I vote for changing the domain code to recognise these domains. Blacklisting
the entire domain can have too many problems. Removing the whole thing would
let spammers game these domains. 

I imagine that SA would need updating a lot for more domains like this. Each
release. Unless of course there was some data cf file that we could just
update at SARE? Simply a list of these types of domains, so they aren't hard
coded?

Anyway, I hope you devs are having a great Cinco De Mayo!!

--Chris 
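
An added illustration, not part of the original thread and not SpamAssassin's split_domains() code: a simplified Python model of the boundary trimming described in the quoted message, together with the audit of listings that can never be hit. The function names and the suffix sets are assumptions made for this example; the hostnames are the ones quoted above.

```python
# Simplified model of registrar-boundary trimming before a URI blocklist
# lookup. The suffix sets below are constructed and deliberately minimal.
BASE_SUFFIXES = {"com", "org", "co.uk", "eu.org", "demon.co.uk"}

# Listings taken from the quoted message (host+domain entries).
LISTED = {
    "brisisbri.50megs.com",
    "cddvdmp3.50megs.com",
    "slashbackman.50megs.com",
}


def registered_domain(host, suffixes):
    """Return the longest matching registry suffix plus one label to its left.

    Returns None when the host is itself a registry or no suffix matches.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # i = 0 tries the longest suffix first
        if ".".join(labels[i:]) in suffixes:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def is_listed(host, suffixes, listed=LISTED):
    """Blocklist lookup keyed on the trimmed domain, as a URI checker would do."""
    key = registered_domain(host, suffixes)
    return key is not None and key in listed


def unreachable_listings(listed, suffixes):
    """Entries whose own lookup key differs from the entry: nothing can hit them."""
    return sorted(e for e in listed if registered_domain(e, suffixes) != e)


if __name__ == "__main__":
    # With only the base suffixes, every listing is trimmed to 50megs.com.
    print(unreachable_listings(LISTED, BASE_SUFFIXES))
    # Treating 50megs.com as a registry-like boundary makes the listings match.
    extended = BASE_SUFFIXES | {"50megs.com"}
    print(is_listed("www.brisisbri.50megs.com", extended))
```

Keeping the suffix set as data passed into the lookup, rather than hard-coded, corresponds to the updatable list suggested in the reply.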

