On Monday, March 29, 2004, 2:15:27 AM, Tony Finch wrote: > On Mon, 29 Mar 2004, Jeff Chan wrote: >> >> So a technique to defeat the randomizers greater count is to look >> at the higher levels of the domain, under which SURBL will always >> count the randomized children of the "bad" parent. In this case >> the URI diversity created through randomization hurts the spammer >> by increasing the number of unique reports and increasing the >> report count of their parent domain, making them more likely to >> be added to SURBL. (Dooh, this paragraph is redundant...)
> Another approach is to blacklist nameservers that host spamvertized > domains. If an email address or a URI uses a domain name whose nameservers > are blacklisted (e.g. the SBL has appropriate listing criteria), or if the > reverse DNS is hosted on blacklisted nameservers, these may be grounds for > increasing the score. > I don't know if SA does this check yet. Yes Eric and I discussed this approach, and I know others have also, but I tend to think it could be overbroad and could catch too many innocent domains. For example, a non-rogue ISP who got burned by a spamming (ex-)customer could poison the legitimate domains of all their other customers who use the same name servers. Our feeling is that addressing the *domains that actually appear in spam* is more direct and therefore much less prone to collateral damage. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://sc.surbl.org/
