Re: Is there a test on blacklisted nameservers

[Justin Mason <jm...@jmason.org>]

Steve Freegard writes:
> Yet Another Ninja wrote:
> > On 9/5/2007 5:27 PM, Marc Perkel wrote:
> >> I have to say that the idea of having a blacklist of name servers used 
> >> by spammers is interesting. Something to investigate.
> >>
> > one, and its a good one, is already in use :-)
> > 
> > uridnsbl        URIBL_SBL       sbl.spamhaus.org.       TXT
> 
> Yes - true, but the SBL lists the IP of the nameservers.
> 
> I think Ram has seen the same thing as me in the past, I've had stuff 
> that has slipped past the URIBL_* tests and upon investigation of the 
> FNs - the *domain name* of the nameservers for the referenced domain is 
> already listed in either SURBL or URIBL, so therefore if the URIBL_* 
> tests were expanded to lookup the nameservers hostnames, strip of the 
> domains and test those against the URIBL_* lists, then it might yield 
> some good results.

Could that be a temporal issue, ie. fast-flux causing the domain
to change, and you caught it just in time to spot it?

I would be very surprised if one of the BLs wasn't already doing
this on the backend...

--j.