[SURBL-Discuss] Guestbook spam

Jeff Chan jeffc at surbl.org
Wed Nov 15 09:17:17 CET 2006

On Monday, November 13, 2006, 10:11:15 PM, Michael Renzmann wrote:

> As far as I can tell from my little investigation, it seems that these 
> "big hosters" provide one of two schemes for their customers:

>   1. http://customer.hoster.tld/...
>   2. http://host.hoster.tld/customer/...

> The "customer" part of the URI is what needs to be looked at in order to 
> distinct spammers from non-spammers.

> Advantages:
> 1.
> The modifications needed for an existing rhsbl (zone file) that 
> implements this enhancement as well as for the applications that make 
> use of the enhancement on the client side are not hard to implement IMO. 
> The enhancement makes use of mechanisms that already are used. No 
> changes are needed to the DNS servers, as far as I can tell.

Hi Michael,
These subjects have come up before, but we've decided to list
registered domains for a number of reasons:

1.  Subdomains and paths are often too many to list.  There are
already many domains and if we added all the possible subdomains
and paths, especially for spammers who use many of them, the
lists would get too large.
2.  Subdomain/path abuse is the responsibility of the domain owner.
3.  If there is enough subdomain or path abuse, then we may
blacklist the domain.  But we generally don't list mostly
legitimate domains.
4.  Paths or subdomains can be keyed to a specific spam or
recipient to allow the spammer to confirm delivery.
5.  Paths or subdomains can reveal private information about the
recipient like account numbers, etc.
6.  If a domain belongs to spam gangs, etc., then we list it.
7.  If a domain belongs to legitimate hosts like Yahoo, then they
are responsible for the sites and should stop the abuse.  It is
their responsiblity.


More discussion can be found in the list archives:


and FAQ:



Jeff C.
Don't harm innocent bystanders.

More information about the Discuss mailing list