http://issues.apache.org/SpamAssassin/show_bug.cgi?id=3549
------- Additional Comments From [EMAIL PROTECTED] 2005-11-17 15:22 ------- (In reply to comment #33) > Yeah, no kidding. It's just as impractical as listing each > "massivegibberish.tripod.com." host. > > I don't suggest attempting either, just pointing out that using CNAMEs to > whitelist a limited set of subdomains is a lot easier, and certainly more > efficient, than blacklisting a massive number of random subdomains. I should have mentioned that the tripod spam subdomains seem relatively limited in number at any given time. There are probably no more than a few hundred actively spammed ones at any given time. The number is likely smaller than the number of whitehat subdomains, which we also probably can't know. Therefore it probably makes the most sense to list the blackhat ones (as opposed to publishing whitelists of the whitehat ones). Perhaps you're agreeing, and I'm simply not seeing it.... [some implementation ideas elided] > [3] If it's decided to list subdomains of free-hosts, such as Tripod, that > provider could be trivial added to the user config and the blacklists can go > at > listing each of the blackhat domains. I don't think subdomain keying is an > issue with the free hosts... there's no way they're going to register a > hosting > account for each recipient. Agreed that seems likely for the public hosts like tripod. The keyed subdomains seem to happen more often on domains operated by/for spammers. > And the stuff that's pretty far off track from this bug... > > [4] A similar thing goes for "path based" free hosts like Geocities. A user > config option (with the same possibility for automatic updates as above) would > tell the software to query the path as host instead. Yes, encoding path data from URIs has been suggested. That's a whole 'nother can of worms I haven't opened. :-) Personally I'm still more interested in focussing on spammers' large numbers of disposable domains as they seem the biggest threat. Like criminals, spamemrs tend to be on the move constantly, and that means sending from random IPs, going through many domains in rapid succession, etc. IMO those are the ones most important to catch. Any IPs or domains that are relatively static are much easier to catch, which I suppose is why spam gangs tend not to use them. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
