spf-discuss
[Top] [All Lists]

RE: Can SPF support subdomain reputation?

2004-08-28 01:00:07

One technique, which AccuSpam uses, which I do not claim IPR rights to 
(consider it a gift if not previously in prior art), is to limit the length of 
the domain chunk you will walk back to in order to determine the "controlling 
domain".

Currently AccuSpam will not walk back past domain chunks longer than 4 
characters.  This requires whitelisting the algorithm for any 5 character TLDs 
(or actually mapping all of the combinations).

In other words, you can do the SPF check on the full subdomain, but assign the 
reputation to the "controlling domain".

PHP code:

// Assume all 3 letter subdomains are part of the "controlling domain" 
($tld_start)
do
{
        $last_dot = $prev_dot;
        $sans_dot = substr( $email, 0, $last_dot );
        $prev_dot = (int)strrpos( $sans_dot, "." );
}
while( $prev_dot > $ampersand && $last_dot - $prev_dot <= 4 );
$tld_start = 1 + max( (int)$ampersand, $prev_dot );
return substr( $email, $tld_start );


At 03:31 AM 8/28/2004 -0400, you wrote:
Not infinite!
But enough that each atom on earth could have its own email address.
:)

I have seen real domains that were 4 or more levels deep.

I hit this topic a few weeks ago, but no real answer.
The best answer was to black list the sub-domain, if enough sub-domains get
black listed then black list the higher level domain, which would include
all sub-domains under it.  But domains are not limited to 2 levels.
guy(_at_)a(_dot_)b(_dot_)c(_dot_)d(_dot_)e(_dot_)f(_dot_)g(_dot_)h(_dot_)i(_dot_)j(_dot_)k(_dot_)l(_dot_)example(_dot_)com(_dot_)
is valid.
So if a.b.c.d.e.f.g.h.i.j.k.l.example.com. was black listed,
And a2.b.c.d.e.f.g.h.i.j.k.l.example.com. was black listed,
Then b.c.d.e.f.g.h.i.j.k.l.example.com. may get black listed also, which
would include all sub-domains like a3.b.c.d.e.f.g.h.i.j.k.l.example.com.

Then you get into things like example.com.uk., if example.com.uk. and
example2.com.uk. were black listed, would you black list com.uk.?

Then I suggested someone needs to maintain a master list of top level
domains, these should never get black listed.  Some top level domain are
really sub-domains.  This list would include "com.", "net.", "edu.", ".",
"com.uk." and "com.us.".  This is just a small sample.  "name." is a special
case.  I (Guy Watkins) reserve the rights to this idea!  If it has value to
anyone, let's talk!

Guy

-----Original Message-----
From: owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
[mailto:owner-spf-discuss(_at_)v2(_dot_)listbox(_dot_)com] On Behalf Of 
AccuSpam
Sent: Saturday, August 28, 2004 2:48 AM
To: spf-discuss(_at_)v2(_dot_)listbox(_dot_)com
Subject: [spf-discuss] Can SPF support subdomain reputation?

Bcc: some

Resending as did not appear on list first time...

Playing devils advocate here so we can resolve in draft stage...

Please correct me if I am mistaken, but it appears that SPF supports the
ability to set different rules on different subdomains (sub.domain.tld).

Thus the apparent intent implied by the syntax is that SPF declaration can
support subdomain reputations.  But then what stops a spammer from creating
infinite subdomains to bypass reputation anti-forgery, analgous to how (a
few astute) spammers create infinite new variations of words to bypass
Bayesian anti-spam?

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your
subscription, 
please go to
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com

-------
Sender Policy Framework: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
http://www.InboxEvent.com/?s=d --- Inbox Event Nov 17-19 in Atlanta features 
SPF and Sender ID.
To unsubscribe, change your address, or temporarily deactivate your 
subscription, 
please go to 
http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com