[SURBL-Discuss] RFC: Add hosts like tripod.com to two-level-tld list?

List Mail User track at Plectere.com
Wed Nov 16 13:41:54 CET 2005


>...
	JeffC of SURBL asked:

>It has been suggested that we could deal with the tripod.com
>subdomains by adding tripod.com to our two-level-tld list
>or some equivalent file.  Currently the two-level-tld list is
>hard coded into applications to indicate that domains like co.uk
>should be checked at the third level, like checkmehere.co.uk.
>This is somewhat of a kludge, but it works.
>
>How does anyone feel about extending that to tripod.com and
>potentially other hosts that provide subdomain hosting?
>
>If so, should it be done in the same two-level-tld file or
>maybe a different, separate file?  (Currently the two-level-tld
>file is mostly geographic domains, i.e. cctlds plus the local
>country registrar top level domains.)  Or should it be done with
>another, separate DNSBL, etc. Both approaches have advantages and
>disadvantages.  The file is much simpler to maintain for us, but
>a bit kludgey.
>

	The hard-coding into applications is just plain wrong for a few
reasons: any list *should* be updatable.  Some RHS BLs already support
arbitrary subdomains (example: biz.mail.mud.yahoo.com has many more problems
than yahoo.com or most yahoo.com subdomains).  For DSN, RCVD and other
header rules, the "top" domain (e.g. "ca.us") may not have, or even be
required to have an abuse and/or postmaster account (just one possible type
of example), but the subdomains either do have them or would trigger tests
or rules for them (a domain with no 'A' or 'MX' records may not need to
provide any mail services, though its subdomains should and do - your
losangeles.ca.us vs. "ca.us" example).  Also note that some MTAs (e.g.
Postfix) already check *all* of the subdomains in a hostname against RHS RBLs.

	One problem with this is the syntax for DNS "wildcards" transcends
subdomain levels, so I believe the files/domains should be kept separate from
the "true" two-level TLDs, because unfortunately a check for '*.domain.tld'
should really be performed also (e.g.  '*.domain.tld' in a DNS zone file will
match 'l5.l4.l3.domain.tld' as well as the simple 'l3.domain.tld') and this
leads to increased overhead for DNS based net tests (without the check, the
containing domain cannot be determined by heuristics alone).

	One set of candidates that would also fall into this group includes
ESPs like cheetah/chtah (discussed a few months ago), where most all (or at
least many) of the subdomains are well behaved, but some are definitely
"mainsleaze-like" or just plain spammy (not meant to reflect on cheetah
specifically here).  Similarly, some poorly behaved companies are kind enough
to segregate their marketing "spew" into a subdomain, allowing just that to
be listed *and* tested for (think of more than just the SURBL lists - but
anything SA or other apps may want to check).

>Conceivably the file or RBL could be used for any arbitrary
>number of levels, for example if subdomains like
>spammerz.losangeles.ca.us (unlikely example, but you get the idea)
>or something similar started appearing in spams.
>
	The use of most geographic domains in the body of spam is still
rare, but I know that you have seen examples of them used for both dropboxes
and domain contacts (and some geographic domains, at least in the ".us" TLD
have been suspended for just this cause - directly or indirectly).

>If we make the change, we'd need to let the SURBL application
>authors know to update their tld file, etc., and we'd also need
>to update our data-side processing to allow subdomains to be
>listed. 
>
>Comments?
>
	The data processing changes needed for applications are the hardest
ones to get done.  And the concepts of keeping the two sets of domains both
separate (because they have different though overlapping uses) and *outside*
of application code (so that they may be updated without updating the
applications themselves) are both appealing.

>Jeff C.
>--
>Don't harm innocent bystanders.
>
>_______________________________________________
>Discuss mailing list
>Discuss at lists.surbl.org
>http://lists.surbl.org/mailman/listinfo/discuss
>
	Paul Shupak
	track at plectere.com

P.S.  There was a citation, I believe on NANOG, a couple of weeks ago of
another maintained list of multi-level TLDs for IANA listed registries - I'll
try to dig it up and send it to you off-list (maybe you can compare it to
the current SURBL list).
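
The approach discussed in this thread, as an added example that is not part of the original message and not SURBL's or any application's own code: two separately maintained suffix lists, loaded as data rather than hard-coded, are used to pick which name from a URI hostname gets checked. The list contents, file format, function names and the policy of keeping exactly one label below a matched suffix are assumptions; the wildcard problem raised in the reply is not addressed by this heuristic.

```python
# Constructed sample data: in practice each list lives in its own file,
# outside the application, so it can be updated without a code change.
TWO_LEVEL_TLDS_TXT = """
# registry suffixes: check one label below these
co.uk
com.au
"""
SUBDOMAIN_HOSTS_TXT = """
# subdomain hosting providers and deeper suffixes (assumed file)
tripod.com
losangeles.ca.us
"""

def load_suffixes(text):
    """Parse one suffix per line; '#' starts a comment."""
    entries = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip().lower().strip(".")
        if line:
            entries.add(line)
    return entries

def lookup_name(hostname, two_level_tlds, subdomain_hosts):
    """Return (name_to_query, matched_list) for a URI hostname.

    matched_list is "tld", "host" or None, so callers can treat the two
    lists differently. The longest listed suffix wins, at any depth.
    """
    labels = hostname.lower().strip(".").split(".")
    keep, matched = 2, None              # default: registered domain = 2 labels
    for n in range(len(labels), 1, -1):  # try the longest suffix first
        suffix = ".".join(labels[-n:])
        if suffix in subdomain_hosts:
            keep, matched = n + 1, "host"
            break
        if suffix in two_level_tlds:
            keep, matched = n + 1, "tld"
            break
    # Assumed policy: keep exactly one label below the matched suffix.
    return ".".join(labels[-keep:]), matched

TLDS = load_suffixes(TWO_LEVEL_TLDS_TXT)
HOSTS = load_suffixes(SUBDOMAIN_HOSTS_TXT)

if __name__ == "__main__":
    for h in ("www.checkmehere.co.uk", "l5.l4.spammerz.tripod.com",
              "spammerz.losangeles.ca.us", "www.example.com"):
        print(h, "->", lookup_name(h, TLDS, HOSTS))
```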

