http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3549
------- Additional Comments From [EMAIL PROTECTED] 2005-11-17 06:17 -------

Yeah, no kidding. It's just as impractical as listing each "massivegibberish.tripod.com." host. I don't suggest attempting either, just pointing out that using CNAMEs to whitelist a limited set of subdomains is a lot easier, and certainly more efficient, than blacklisting a massive number of random subdomains.

Anyway, here are my thoughts on where this is going...

[1] This bug's intent was to align the list _registrar boundaries_ with reality. What I'd like to see done, and I'll probably code it up, is to have the registrar boundary list moved to user config options (which could be called registrar_boundary). This would allow updates, via sa-update / Rules-du-jour / whatever, to keep everyone (users and blacklist operators) in sync.

[2] There's also the issue of knowing which domain name to query in the case of country code TLDs that may or may not have a province/state SLD too. In these cases, I think we should just send out queries against both. To configure this you'd just add both to the "registrar_boundary" config option mentioned above. Of course there are still those stupid "city/town" sub-levels out there, but I don't think they are a major concern for abuse.

Now the stuff related to this bug...

[3] If it's decided to list subdomains of free-hosts, such as Tripod, that provider could be trivially added to the user config and the blacklists can go at listing each of the blackhat domains. I don't think subdomain keying is an issue with the free hosts... there's no way they're going to register a hosting account for each recipient.

And the stuff that's pretty far off track from this bug...

[4] A similar thing goes for "path based" free hosts like Geocities. A user config option (with the same possibility for automatic updates as above) would tell the software to query the path as host instead.
For example:

config option name   hostnames to match   resulting hostname to query
-------------------------------------------------------------------
query_path           *.geocities.com      account-paths.geocities.com

Given a uri of

  http://it.geocities.com/DamnSpammer/?anything_else.blah

a query would be made against (using SURBL as an example list):

  DamnSpammer.account-paths.geocities.com.multi.surbl.org.

* Things like underscores that can be in paths, but not hostnames, would be converted to, say dashes.

* The "account-paths" subdomain would ideally need to be standardized across blacklists. Alternatively you could just eliminate that subdomain from the query and possibly increase the potential for collision with good 'real' subdomains. I don't think having different "account-paths" subdomains between blacklists would be a good thing to have.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
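The path-to-hostname mapping proposed in [4] above, sketched in Python as an added example; it is not part of the original comment and not SpamAssassin code. The rule table layout, the function names, and the choice to skip path segments that cannot form a valid DNS label are assumptions made for illustration.

```python
import fnmatch
import re
from urllib.parse import urlsplit

# Constructed rule table mirroring the comment's query_path row:
# (hostname glob to match, suffix under which account paths are queried)
QUERY_PATH_RULES = [("*.geocities.com", "account-paths.geocities.com")]

# A DNS label: 1-63 chars, letters/digits/dashes, no leading or trailing dash.
LABEL_OK = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def path_to_label(segment):
    """Turn a path segment into a DNS label, or None if it cannot be one."""
    # Underscores become dashes, as the comment suggests; trimming the
    # resulting edge dashes is an assumption of this sketch.
    label = segment.replace("_", "-").strip("-")
    return label if LABEL_OK.match(label) else None


def query_name(uri, zone="multi.surbl.org", rules=QUERY_PATH_RULES):
    """Return the blacklist query name for a path-based free host, else None."""
    parts = urlsplit(uri)
    host = (parts.hostname or "").rstrip(".")  # urlsplit lowercases the host
    for pattern, suffix in rules:
        if not fnmatch.fnmatchcase(host, pattern):
            continue
        segments = [s for s in parts.path.split("/") if s]
        if not segments:
            return None  # bare host: no account path to key on
        label = path_to_label(segments[0])
        if label is None:
            return None  # percent-encoded, over-long or otherwise unusable
        return f"{label}.{suffix}.{zone}."
    return None  # host is not a configured path-based free host


if __name__ == "__main__":
    print(query_name("http://it.geocities.com/DamnSpammer/?anything_else.blah"))
```
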
