On Sat, Apr 10, 2004 at 11:36:22PM -0400, Yakov Shafranovich wrote:
A new blacklists for spamvertized domains has been brought up. You can
find it at:
http://www.surbl.org/
Hmm... maybe I am misreading, but this seems just wrong:
It's important to note that SURBL should be used with the basic,
"registrar" domain, i.e., the domain name that would be registered
at a registrar. While the current version does count frequently
occurring spam subdomains (e.g., subdomain.spamdomain.com), future
versions of SURBL will probably only have the basic domain (e.g.,
spamdomain.com). Therefore applications using SURBL should remove
all but the basic domain before trying to match them. Due to the
way the current data is counted, the basic domain will work just
as well or better than one with a subdomain. Therefore for future
compatibility SURBL users should start using only the base domain.
Better terminology would help- I'm reading the above to mean that
they reduce every name to a second-level domain. In that case
if there's a spamvertized domain in, say, "nh.us" then all of nh.us
is impacted. Hardly seems like a good thing to me.
Actually the FAQ goes on to say (or at least I infer- it's hard to
read), that reports are counted at each level (so a report on
foo.nh.us would add a count to both "foo.nh.us" and "nh.us"). However
it also recommends that the client check the second level domain
first, and also says that it's likely that *only* second level domains
will be listed in the future.
I understand the goal of trying to de-randomize (and normalize)
spamvertized URLs. But I don't really think subdomain stripping alone
is workable. Normalizing a la URIDNSBL seems slightly better,
although still not perfect.
mm
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg