[SPAM-TAG] [SURBL-Discuss] Subdomains in SURBL

Jeff Chan jeffc at surbl.org
Fri May 12 18:53:41 CEST 2006

On Friday, May 12, 2006, 9:31:57 AM, Brandon Hutchinson wrote:
> Since I don't think including subdomains in SURBL zone data does any good with
> SpamAssassin's URIDNSBL implementation, I was just wondering what else people 
> are using to look up URIs in SURBL. Other sendmail milters that do not use 
> URIDNSBL? Custom MIMEDefang code?

SpamAssasisn may check more than the specified levels.  For
example, it may check at levels two and three on GTLDs, or at
least it did at one point.

> I don't have any problem with subdomains being included in the list. I'm just 
> wondering "Who is benefiting from having subdomains in the list?"

> Using the "www.freecat.biz" example: assuming this is a phishing domain, would 
> also including "freecat.biz" in SURBL be a bad idea? Are there cases where we 
> should "trust" the base domain even when a subdomain is used in a phishing 
> email?

If a subdomain is listed, the subdomain should be checked.  It's
not necessarily safe to check the base domain when a subdomain is
listed.  For example if phishing.freehost.com is blacklisted,
checking freehost.com is probably not a good idea.  I do realize
this is somewhat off spec.

Jeff C.
Don't harm innocent bystanders.

More information about the Discuss mailing list