You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by Simon Byrnand <si...@igrin.co.nz> on 2004/04/19 03:58:14 UTC

Re: [SURBL-Discuss] RFC: SURBL software implemetation guidelines

At 13:49 19/04/2004, Jeff Chan wrote:

>On Sunday, April 18, 2004, 6:08:11 PM, Simon Byrnand wrote:
> > At 12:43 19/04/2004, Jeff Chan wrote:
> >> >    2. Extract base (registrar) domains from those URIs. This
> >> > includes removing any and all leading host names, subdomains,
> >> > www., randomized subdomains, etc. In order to determine the
> >> > base domain it may be necessary to use a table of country code
> >> > TLDs (ccTLDs) such as the partially-imcomplete one SURBL uses.
>
>[...]
> > If a spammer were to register a domain in NZ it would look like:
>
> > spammer.co.nz or spammer.net.nz or spammer.gen.nz etc.... randomised
> > subdomains that they could create on their own nameservers would look like
> > a65423xyz.spammer.co.nz or awef3242.fssf342.spammer.co.nz etc...
>
> > Will the current code (of both SpamCopURI, and the backend processing of
> > the surbl servers for that matter) incorrectly strip this off to co.nz ? I
> > ask, because I have definately seen dns queries from SpamCopURI trying to
> > look up co.nz.sc.surbl.org which is wrong - that would cover a large
> > fraction of the websites under the NZ domain heirachy, it should be 
> looking
> > up spammer.co.nz, never co.nz.
>
> > Is there any reliable way for the code to know what a base registrar 
> domain
> > is and how many tiers there are under that domain heirachy ? (May also 
> be a
> > non-trivial problem)
>
>The traditional solution to ccTLDs (Country Code TLDs) seems to
>be to make a table of them, and make sure any extracted domains
>are +1 domain levels longer.  So for company.co.nz, don't take
>co.nz as the base domain, but instead use company.co.nz since we
>know from the table that co.nz is a two level country code TLD.
>My slightly incomplete table of ccTLDs is at:
>
>   http://spamcheck.freeapp.net/two-level-tlds

Hmm, well your list has .co.nz and .net.nz but not .school.nz (as an example)

What are the relative proportions of one level to two level country code 
TLD's ?

Are there any other one level hierachies used by countries, apart from the 
generic .com .org .net .biz etc ? Might be easier (and safer ?) to assume 
the other way around - assume its a two level country code unless listed. 
Then you're only having to list the top level (.com for example) rather 
than trying to keep track of things like .co.nz, .net.nz and so on, which 
are subject to change at the discretion of the local registrar...

Maybe I missed something :)

Regards,
Simon

Re: [SURBL-Discuss] RFC: SURBL software implemetation guidelines

Posted by Jeff Chan <je...@surbl.org>.

On Sunday, April 18, 2004, 6:58:14 PM, Simon Byrnand wrote:
> At 13:49 19/04/2004, Jeff Chan wrote:
>>The traditional solution to ccTLDs (Country Code TLDs) seems to
>>be to make a table of them, and make sure any extracted domains
>>are +1 domain levels longer.  So for company.co.nz, don't take
>>co.nz as the base domain, but instead use company.co.nz since we
>>know from the table that co.nz is a two level country code TLD.
>>My slightly incomplete table of ccTLDs is at:
>>
>>   http://spamcheck.freeapp.net/two-level-tlds

> Hmm, well your list has .co.nz and .net.nz but not .school.nz (as an example)

OK I added school.nz.  Anyeone know any others to add?  Contact
me off lists.  :-)  The list of ccTLDs came mostly from a registrar's:

  http://www.bestregistrar.com/help/ccTLD.htm

> What are the relative proportions of one level to two level country code 
> TLD's ?

See below.  In terms of spam domains ccTLDs are not a major
problem.  .com, .biz, .net have far more spam domains.

> Are there any other one level hierachies used by countries, apart from the 
> generic .com .org .net .biz etc ? Might be easier (and safer ?) to assume 
> the other way around - assume its a two level country code unless listed. 
> Then you're only having to list the top level (.com for example) rather 
> than trying to keep track of things like .co.nz, .net.nz and so on, which 
> are subject to change at the discretion of the local registrar...

Yes, that's part of the problem.  Local TLD authorities seem to
be able to add whatever TLDs they like under their own CC.  Still
I think ccTLDs should be regarded as minor.  Certainly they are not
a major destination for spam messages.  Given that, handling the
non-ccTLDs as a first priority is probably the most efficient.

Here are some relative rankings of the TLDs in domain reports I
have from a couple weeks worth of SpamCop URI reports:

  TLD    Count of reports
  ---    ----
  com    1938
  biz     424
  net     322
  info     90
  org      79
  us       39
  ru       21
  de       20
  tv       13
  nl       12
  to       10
  ph        8
  cn        8
  cc        7
  br        7
  tw        6
  pl        6
  ch        6
  ws        5
  it        5
  fr        5
  es        5
  ro        4
  jp        4
  cl        4
  nu        3
  kr        3
  cz        3
  co        3
  za        2
  uk        2
  se        2
  pt        2

Jeff C.