Posted to users@spamassassin.apache.org by Justin Mason <jm...@jmason.org> on 2007/09/05 20:00:13 UTC
Re: Is there a test on blacklisted nameservers
Steve Freegard writes:
> Yet Another Ninja wrote:
> > On 9/5/2007 5:27 PM, Marc Perkel wrote:
> >> I have to say that the idea of having a blacklist of name servers used
> >> by spammers is interesting. Something to investigate.
> >>
> > one, and it's a good one, is already in use :-)
> >
> > uridnsbl URIBL_SBL sbl.spamhaus.org. TXT
>
> Yes - true, but the SBL lists the IP of the nameservers.
>
> I think Ram has seen the same thing as me in the past, I've had stuff
> that has slipped past the URIBL_* tests and upon investigation of the
> FNs - the *domain name* of the nameservers for the referenced domain is
> already listed in either SURBL or URIBL, so therefore if the URIBL_*
> tests were expanded to look up the nameservers' hostnames, strip off the
> domains and test those against the URIBL_* lists, then it might yield
> some good results.

Could that be a temporal issue, i.e. fast-flux causing the domain
to change, and you caught it just in time to spot it?

I would be very surprised if one of the BLs wasn't already doing
this on the backend...

--j.
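
The check proposed in the quoted text (look up the nameserver hostnames of a URI's domain, strip them to their domains, and test those against a domain blocklist), as an added example that is not part of the original thread and is not SpamAssassin code. The zone name, NS records, list contents and the two-entry suffix table are all constructed, and the two lookup functions are stand-ins for real DNS queries.

```python
# Added illustration: all names, zones and records below are constructed.
ZONE = "rhsbl.example.test"            # hypothetical domain-based blocklist zone
NS_RECORDS = {                         # constructed NS answers for URI domains
    "fresh-pills.example": ["ns1.bad-dns.example.", "NS2.Bad-DNS.example."],
    "benign.example": ["ns1.hoster.example.", "ns2.hoster.example."],
}
LISTED = {"bad-dns.example"}           # constructed blocklist contents
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au"}   # tiny stand-in for a public-suffix list


def registered_domain(hostname):
    """Strip a hostname down to the domain a blocklist would key on."""
    labels = hostname.rstrip(".").lower().split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def sample_ns_lookup(domain):
    """Stand-in for a DNS NS query; returns nameserver hostnames."""
    return NS_RECORDS.get(domain.lower(), [])


def sample_rhsbl_lookup(qname):
    """Stand-in for an A query against the list: True means 'listed'."""
    suffix = "." + ZONE
    return qname.endswith(suffix) and qname[: -len(suffix)] in LISTED


def ns_domain_hits(uri_domain, ns_lookup=sample_ns_lookup,
                   rhsbl_lookup=sample_rhsbl_lookup):
    """Return the nameserver domains of uri_domain that the list contains."""
    hits, seen = [], set()
    for ns_host in ns_lookup(uri_domain):
        ns_domain = registered_domain(ns_host)
        if ns_domain in seen:          # query each nameserver domain once
            continue
        seen.add(ns_domain)
        if rhsbl_lookup(f"{ns_domain}.{ZONE}"):
            hits.append(ns_domain)
    return hits


if __name__ == "__main__":
    for domain in NS_RECORDS:
        print(domain, "->", ns_domain_hits(domain) or "no listed nameserver domain")
```

In the constructed data the URI domain itself is not on the list; only its nameservers' domain is, which is the false-negative case described in the quoted message.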