>-----Original Message----- >From: Daniel Quinlan [mailto:[EMAIL PROTECTED] >Sent: Thursday, May 05, 2005 1:19 AM >To: [EMAIL PROTECTED] >Cc: [EMAIL PROTECTED]; [email protected] >Subject: registrar boundary inconsistencies > > >I ran SURBL (well, a copy a few weeks old) through the split_domains() >function in SpamAssassin to see which listings contained both a >host+domain rather than just domain from the perspective of >SpamAssassin. Those listings would be missed by the URIBL module. > >These are reversed for easier reading, but basically, it works >like this: > >if this is listed: > > com.50megs.brisisbri > com.50megs.cddvdmp3 > com.50megs.slashbackman > >were these then in SURBL: > > brisisbri.50megs.com > cddvdmp3.50megs.com > slashbackman.50megs.com > >However, the URIDNSBL plugin would catch none of those unless >50megs.com >was listed (it's not) since 50megs.com is the domain as far as >SpamAssassin is concerned. However, it would catch them if 50megs.com >was in SURBL in addition or instead of those hostname.domain >combinations. > >Here is the data. We (SURBL or SpamAssassin) need to do one of these >actions for each of these listings and SURBL probably has more to say >about it (initially, at least) since it's your database. > > - change the domain code in SA to consider the domain a registry like > eu.org or demon.co.uk (let us know and we'll change our >code as long > as it makes sense ;-). This means we don't expect blacklist the > entire "registry". > > - SURBL (or your data provider) blacklists the entire domain > > - remove the hostname.domain listings ... why bother if nothing's > going to hit them > >Daniel
I vote for changing the domain code to recognise these domains. Blacklisting the entire domain can have too many problems. Removing the whole thing would let spammers game these domains. I imagine that SA would need updating a lot for more domains like this. Each release. Unless of course there was some data cf file that we could just update at SARE? SImply a list of these type of domains, so they aren't hard coded? anyway, I hope you devs are having a great Cinco De Mayo!! --Chris
