[SPAM-TAG] [SURBL-Discuss] Subdomains in SURBL
Brandon Hutchinson
hutchib at cscoe.accenture.com
Fri May 12 20:16:40 CEST 2006
> SpamAssassin may check more than the specified levels. For
> example, it may check at levels two and three on GTLDs, or at
> least it did at one point.
Looking at some of the SA 3.1.1 debug output, SA's URIDNSBL will query only at
level 3 for domains with a country code (e.g. .co.uk), and level 2 for other
GTLDs (.com).
Examples:
[5180] dbg: uri: parsed uri found, http://www.hydeparkcalling.co.uk/
[5180] dbg: uri: parsed domain, hydeparkcalling.co.uk
[5180] dbg: uridnsbl: domains to query: hydeparkcalling.co.uk
[6977] dbg: uri: parsed uri found, http://www.manage-performance.com
[6977] dbg: uri: parsed domain, manage-performance.com
[6977] dbg: uridnsbl: domains to query: manage-performance.com
So unless my understanding of SA's URIDNSBL is mistaken, and it certainly
could be, we'll never catch any of the subdomains in SURBL. No big deal;
someone probably is using some implementation of URI checking with SURBL that
does.
>
> If a subdomain is listed, the subdomain should be checked. It's
> not necessarily safe to check the base domain when a subdomain is
> listed. For example if phishing.freehost.com is blacklisted,
> checking freehost.com is probably not a good idea. I do realize
> this is somewhat off spec.
Thanks, this is what I was wondering.
Brandon
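
The difference discussed in this message, as an added example that is not part of the original post and is not SpamAssassin or SURBL code: it derives the names to query for a hostname at the base-domain level only, or with extra subdomain levels, and checks them against an in-memory list. The function names, the one-entry two-level-TLD table and the listing are constructed for illustration.

```python
# Constructed sample data; a real checker uses a much longer two-level-TLD table
# and a DNS lookup instead of an in-memory set.
TWO_LEVEL_TLDS = {"co.uk"}
LISTED = {"phishing.freehost.com"}  # the subdomain example from the thread


def split_labels(host):
    """Lower-case the hostname, drop a trailing dot, split into labels."""
    return host.lower().rstrip(".").split(".")


def base_domain(host, two_level_tlds=TWO_LEVEL_TLDS):
    """Registered domain: 3 labels under a two-level TLD, otherwise 2."""
    labels = split_labels(host)
    keep = 3 if ".".join(labels[-2:]) in two_level_tlds else 2
    return ".".join(labels[-keep:])


def lookup_names(host, extra_levels=0, two_level_tlds=TWO_LEVEL_TLDS):
    """Names to query: the base domain, then up to extra_levels deeper names."""
    labels = split_labels(host)
    base_len = len(base_domain(host, two_level_tlds).split("."))
    deepest = min(len(labels), base_len + extra_levels)
    return [".".join(labels[-n:]) for n in range(base_len, deepest + 1)]


def is_listed(host, extra_levels=0, listed=LISTED):
    """True if any of the queried names is on the list."""
    return any(name in listed for name in lookup_names(host, extra_levels))


if __name__ == "__main__":
    for host in ("www.hydeparkcalling.co.uk",
                 "www.manage-performance.com",
                 "www.phishing.freehost.com"):
        for extra in (0, 1):
            print(host, extra, lookup_names(host, extra), is_listed(host, extra))
```

With extra_levels=0 the listed subdomain is never queried, so the listing is missed; with extra_levels=1 it is found while the unlisted base domain still returns no hit.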