[SPAM-TAG] [SURBL-Discuss] Subdomains in SURBL
Brandon Hutchinson
hutchib at cscoe.accenture.com
Fri May 12 18:31:57 CEST 2006
Hi Jeff,
> > I believe SpamAssassin's URIDNSBL reduces the URIs to the base domain
> > (e.g. example.com, example.co.uk), so if it encountered
> > "www.freecat.biz," for example, it would lookup freecat.biz, which is not
> > in the list.
>
> That's correct. It may check other levels too, but the spec says
> to check GTLDs at the second level and CCTLDs in the table at the
> third. There may be other outlying cases in terms of the number
> of levels that should be checked, but two and three levels of
> GTLDs and CCTLDs certainly covers most of the common spams.
>
> > Besides URIDNSBL, are there other URI lookup implementations for which it
> > makes sense to include subdomains?
>
> Not sure I understand the question. Can you elaborate?
Since I don't think including subdomains in SURBL zone data does any good with
SpamAssassin's URIDNSBL implementation, I was just wondering what else people
are using to look up URIs in SURBL. Other sendmail milters that do not use
URIDNSBL? Custom MIMEDefang code?
I don't have any problem with subdomains being included in the list. I'm just
wondering "Who is benefiting from having subdomains in the list?"
Using the "www.freecat.biz" example: assuming this is a phishing domain, would
also including "freecat.biz" in SURBL be a bad idea? Are there cases where we
should "trust" the base domain even when a subdomain is used in a phishing
email?
Thanks,
Brandon
More information about the Discuss
mailing list