[SURBL-Discuss] RE: registrar boundary inconsistencies
Chris Santerre
csanterre at MerchantsOverseas.com
Thu May 5 16:20:32 CEST 2005
>-----Original Message-----
>From: Daniel Quinlan [mailto:quinlan at pathname.com]
>Sent: Thursday, May 05, 2005 1:19 AM
>To: discuss at lists.surbl.org
>Cc: jeffc at surbl.org; dev at spamassassin.apache.org
>Subject: registrar boundary inconsistencies
>
>
>I ran SURBL (well, a copy a few weeks old) through the split_domains()
>function in SpamAssassin to see which listings contained both a
>host+domain rather than just domain from the perspective of
>SpamAssassin. Those listings would be missed by the URIBL module.
>
>These are reversed for easier reading, but basically, it works
>like this:
>
>if this is listed:
>
> com.50megs.brisisbri
> com.50megs.cddvdmp3
> com.50megs.slashbackman
>
>were these then in SURBL:
>
> brisisbri.50megs.com
> cddvdmp3.50megs.com
> slashbackman.50megs.com
>
>However, the URIDNSBL plugin would catch none of those unless
>50megs.com
>was listed (it's not) since 50megs.com is the domain as far as
>SpamAssassin is concerned. However, it would catch them if 50megs.com
>was in SURBL in addition or instead of those hostname.domain
>combinations.
>
>Here is the data. We (SURBL or SpamAssassin) need to do one of these
>actions for each of these listings and SURBL probably has more to say
>about it (initially, at least) since it's your database.
>
> - change the domain code in SA to consider the domain a registry like
> eu.org or demon.co.uk (let us know and we'll change our
>code as long
> as it makes sense ;-). This means we don't expect blacklist the
> entire "registry".
>
> - SURBL (or your data provider) blacklists the entire domain
>
> - remove the hostname.domain listings ... why bother if nothing's
> going to hit them
>
>Daniel
I vote for changing the domain code to recognise these domains. Blacklisting
the entire domain can have too many problems. Removing the whole thing would
let spammers game these domains.
I imagine that SA would need updating a lot for more domains like this. Each
release. Unless of course there was some data cf file that we could just
update at SARE? SImply a list of these type of domains, so they aren't hard
coded?
anyway, I hope you devs are having a great Cinco De Mayo!!
--Chris
More information about the Discuss
mailing list