ietf-asrg
[Top] [All Lists]

Re: [Asrg] 2b. SMTP Session Verification - New blacklist for spamvertised domains

2004-04-22 12:02:28
On Sat, Apr 10, 2004 at 11:36:22PM -0400, Yakov Shafranovich wrote:
A new blacklists for spamvertized domains has been brought up. You can 
find it at:

http://www.surbl.org/

Hmm... maybe I am misreading, but this seems just wrong:

    It's important to note that SURBL should be used with the basic,
    "registrar" domain, i.e., the domain name that would be registered
    at a registrar. While the current version does count frequently
    occurring spam subdomains (e.g., subdomain.spamdomain.com), future
    versions of SURBL will probably only have the basic domain (e.g.,
    spamdomain.com). Therefore applications using SURBL should remove
    all but the basic domain before trying to match them. Due to the
    way the current data is counted, the basic domain will work just
    as well or better than one with a subdomain. Therefore for future
    compatibility SURBL users should start using only the base domain.

Better terminology would help- I'm reading the above to mean that
they reduce every name to a second-level domain.  In that case 
if there's a spamvertized domain in, say, "nh.us" then all of nh.us
is impacted.  Hardly seems like a good thing to me.

Actually the FAQ goes on to say (or at least I infer- it's hard to
read), that reports are counted at each level (so a report on
foo.nh.us would add a count to both "foo.nh.us" and "nh.us").  However
it also recommends that the client check the second level domain
first, and also says that it's likely that *only* second level domains
will be listed in the future.

I understand the goal of trying to de-randomize (and normalize)
spamvertized URLs.  But I don't really think subdomain stripping alone
is workable.  Normalizing a la URIDNSBL seems slightly better,
although still not perfect.

mm

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg