[SURBL-Discuss] Three level TLDs

Jeff Chan jeffc at surbl.org
Thu Mar 16 21:43:18 CET 2017

On Thursday, March 16, 2017, 4:50:08 AM, Brooke Babcock wrote:
> I have a question about the three level TLDs provided by SURBL.

> I’m a new user of SURBL and attempting to hook it into our
> company’s e-mail scanner using the guidelines listed here:
> http://www.surbl.org/guidelines.
> Guideline #2 instructs me to extract the base domain to use in the
> lookup to SURBL and points me to two different tables - a two level
> TLD table and the three level TLD table.

> According to the guidelines… “For any domain on the three level
> list, check it at the fourth level”. However, in the three level TLD
> table (http://www.surbl.org/static/three-level-tlds), I see many two
> level domains. In my spot checking, I always see the same domain in
> the two level TLD table (http://www.surbl.org/static/two-level-tlds)
> as well.

> Examples:
> fvg.it
> gov.ms
> ic.tr
> iki.fr
> info.at
> ro.com

> How do I best treat these domains that show up in both lists? Are
> they on the three level list by mistake?

Yes, those are errors.  We are correcting them.

> Or should I do multiple
> lookups with different URI base domains (3 and 4 level) if the top
> domain is in both lists?

Treat a domain with two levels as if it were on the two level list.
As you note, those all have two levels.

> For example, if I were to extract the URI,
> http://some.domain.fvg.it, should I do
> a lookup on “some.domain.fvg.it” and
> “domain.fvg.it”, because “fvg.it”
> appears in both lists?

> Any help would be appreciated. Thanks much!

> ~Brooke

That all said, if you're using the wildcarded version of multi, called
zone file wild.surbl.org then you don't need to reduce domains.  Just
query the whole domain without any domain reduction.  Don't do the
reduction step and don't use the tld files.

The public nameservers are now actually using wild, and we recommend
internal nameservers also use wild.  So domain reduction isn't needed
for use with the public nameservers or any internal ones using wild.

Please see your data feed welcome letter for more information, or
use the contact info mentioned in the letter.


Jeff C.
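
The reduction rule discussed in this thread, as an added example that is not part of the original message or SURBL's own code: each listed entry is classified by its own label count rather than by the file it came from, so a two-label entry that also appears on the three-level list still yields a single third-level lookup. The two sets are small constructed samples standing in for the real tables, and the function names are hypothetical.

```python
# Constructed sample data, NOT the real SURBL tables.
TWO_LEVEL = {"co.uk", "com.au", "fvg.it"}
# "fvg.it" is deliberately repeated here to mimic the erroneous entries
# discussed in the thread; "act.edu.au" is a constructed three-label entry.
THREE_LEVEL = {"fvg.it", "act.edu.au"}


def build_suffix_depths(two_level, three_level):
    """Map each listed suffix to the number of labels to keep.

    An entry with N labels means "check at level N+1", whichever
    file it was read from.
    """
    depths = {}
    for entry in set(two_level) | set(three_level):
        entry = entry.strip().lower().strip(".")
        if entry:
            depths[entry] = entry.count(".") + 2
    return depths


def base_domain(host, depths):
    """Reduce a hostname to the base domain used for a non-wild lookup."""
    labels = host.lower().rstrip(".").split(".")
    # Try the longest listed suffix first (three labels, then two).
    for n in (3, 2):
        if len(labels) >= n:
            suffix = ".".join(labels[-n:])
            if suffix in depths:
                return ".".join(labels[-depths[suffix]:])
    # Not on either list: the registered domain is at the second level.
    return ".".join(labels[-2:])


def lookup_name(host, depths, wild=False):
    """Name to query: the whole host against a wild zone, else the base domain."""
    if wild:
        return host.lower().rstrip(".")
    return base_domain(host, depths)


DEPTHS = build_suffix_depths(TWO_LEVEL, THREE_LEVEL)

if __name__ == "__main__":
    for h in ("some.domain.fvg.it", "www.school.act.edu.au", "www.example.com"):
        print(h, "->", lookup_name(h, DEPTHS), "| wild:", lookup_name(h, DEPTHS, wild=True))
```
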
