[SPAM-TAG] [SURBL-Discuss] Subdomains in SURBL

Brandon Hutchinson hutchib at cscoe.accenture.com
Fri May 12 18:31:57 CEST 2006


Hi Jeff,

> > I believe SpamAssassin's URIDNSBL reduces the URIs to the base domain
> > (e.g. example.com, example.co.uk), so if it encountered
> > "www.freecat.biz," for example, it would look up freecat.biz, which is not
> > in the list.
>
> That's correct.  It may check other levels too, but the spec says
> to check GTLDs at the second level and CCTLDs in the table at the
> third.  There may be other outlying cases in terms of the number
> of levels that should be checked, but two and three levels of
> GTLDs and CCTLDs certainly covers most of the common spams.
>
> > Besides URIDNSBL, are there other URI lookup implementations for which it
> > makes sense to include subdomains?
>
> Not sure I understand the question.  Can you elaborate?

Since I don't think including subdomains in SURBL zone data does any good with 
SpamAssassin's URIDNSBL implementation, I was just wondering what else people 
are using to look up URIs in SURBL. Other sendmail milters that do not use 
URIDNSBL? Custom MIMEDefang code?

I don't have any problem with subdomains being included in the list. I'm just 
wondering "Who is benefiting from having subdomains in the list?"

Using the "www.freecat.biz" example: assuming this is a phishing domain, would 
also including "freecat.biz" in SURBL be a bad idea? Are there cases where we 
should "trust" the base domain even when a subdomain is used in a phishing 
email?

Thanks,

Brandon
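
Added example (not part of the original message, and not SpamAssassin's code): a sketch of the base-domain reduction discussed above, showing that a zone entry for only "www.freecat.biz" is never matched by a client that reduces the URI to "freecat.biz" before the lookup. The two-level ccTLD table, the zone name "surbl.example" and all function names are constructed for illustration; no DNS query is made.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for the two-level ccTLD table.
TWO_LEVEL_CCTLDS = {"co.uk", "org.uk", "com.au", "co.jp"}
# Placeholder zone name (assumption); substitute the list you actually query.
ZONE = "surbl.example"


def uri_host(uri):
    """Return the lowercased host of a URI, tolerating a missing scheme."""
    if "://" not in uri:
        uri = "http://" + uri
    host = urlsplit(uri).hostname or ""
    return host.rstrip(".").lower()


def base_domain(host):
    """Reduce a hostname to the level the thread describes: two labels
    normally, three when it ends in a listed two-level ccTLD."""
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, continue with label reduction
    else:
        raise ValueError("IP-literal hosts are out of scope for this example")
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LEVEL_CCTLDS:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def query_name(uri, zone=ZONE):
    """DNS name a base-domain-reducing client would look up for this URI."""
    return base_domain(uri_host(uri)) + "." + zone


def is_listed(uri, zone_data):
    """Simulate the lookup against an in-memory set of listed names."""
    return base_domain(uri_host(uri)) in zone_data


# Constructed zone data: subdomain-only listing versus base-domain listing.
SUBDOMAIN_ONLY = {"www.freecat.biz"}
BASE_LISTED = {"freecat.biz"}
```

With SUBDOMAIN_ONLY as the zone data, is_listed("http://www.freecat.biz/", SUBDOMAIN_ONLY) is False, because the client only ever asks about "freecat.biz".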

