On Mon, 9 Nov 2020 08:26:59 +0100 Tobi wrote: > John, > > > Because I think that suppressing that behavior for valid TLDs would > > be > an appropriate modification to avoid potential URIBL FPs > > fully agree. SA should not append .com if the domain has a valid tld > and a domain label.
Only domains of the form "<tld>" and "www.<tld>" are affected. In my experience corporate TLDs like "amazon" aren't getting used as single label domains on websites, and if they were the .com version would probably be the same site anyway. The second form is very rare, and I doubt links like that are widely used in email as they look suspicious. >We know of at least one FP related to "www.ch" > when (the expanded version) "ch.com" was checked on uribl lists. When you say FP do you mean that ch.com was listed in a domain blocklist? On the whole domain names of the form <tld>.com are going to be expensive, so they aren't likely to be owned directly by mainstream spammers. If the .com domain points to a hacked server, the firefox trick could be used to extend the useful life of the hack until both domains are listed. I think there's a case to be made either way.