***SPAM*** [SURBL-Discuss] Why are subdomains not blacklisted?

Jeff Chan jeffc at surbl.org
Fri Nov 24 00:56:25 CET 2006


On Thursday, November 23, 2006, 1:10:23 PM, Kelly Jones wrote:
> I received two separate spams advertising
> "uztiuqhcsgdnhsx.kennevur.com" and "678.com.plaweresoft.com" as the
> domains.

> multi.surbl.org lists the domains as blacklisted:

>> host kennevur.com.multi.surbl.org
> kennevur.com.multi.surbl.org has address 127.0.0.86

>> host plaweresoft.com.multi.surbl.org
> plaweresoft.com.multi.surbl.org has address 127.0.0.118

> but not the subdomains:

>> host uztiuqhcsgdnhsx.kennevur.com.multi.surbl.org
> Host uztiuqhcsgdnhsx.kennevur.com.multi.surbl.org not found: 3(NXDOMAIN)

>> host 678.com.plaweresoft.com.multi.surbl.org
> Host 678.com.plaweresoft.com.multi.surbl.org not found: 3(NXDOMAIN)

> Why? Wouldn't it be easy/sensible to wildcard the blacklist to include
> these?

The subdomains are meaningless, random or keyed, so SURBL data
does not include them.  Applications are meant to not include
them also:

  http://www.surbl.org/implementation.html

If you are using an application that does not discard that
portion of the domains, then please let the application authors
know that they should be doing that.  Also you may want to check
out our FAQ:

  http://www.surbl.org/faq.html#random
  http://www.surbl.org/faq.html#numbered

Jeff C.
--
Don't harm innocent bystanders.



More information about the Discuss mailing list