Posted to users@spamassassin.apache.org by Jeremy Rumpf <jr...@heavyload.net> on 2004/11/17 20:03:41 UTC
SURBL and DNS wildcards
I've been having a few spams slip through recently that aren't hitting some of
the SURBLs. Upon checking them using the tool at:
http://www.rulesemporium.com/cgi-bin/uribl.cgi
I've noticed that some of the root domains are listed, but the full expanded
domain may not be. For instance one spam has this URL in it:
http://i.net.helpfulinfobox.com/?ggobwyvaxpngp
Now helpfulinfobox.com is listed on ws, ob and multi, but
net.helpfulinfobox.com is not
i.net.helpfulinfobox.com is also not
It appears the spammer is using DNS wildcards as anything you throw before
helpfulinfobox.com gets resolved.
dig z.foo.helpfulinfobox.com -> 222.47.122.8
dig yo.momma.helpfulinfobox.com -> 222.47.122.8
Question, is this an effective way to spoof SURBL checkers? Or does the
checking code check each domain element in order looking for a hit:
i.net.helpfulinfobox.com
net.helpfulinfobox.com
helpfulinfobox.com
Thanks,
Jeremy
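
The element-by-element lookup asked about above, as an added example that is not part of the original post and is not SpamAssassin's code: the host name is walked down to its registered domain, so any labels a wildcard record lets the sender prepend still end in a name that can match the list. The `LISTED` set and the short `TWO_LEVEL_TLDS` list are constructed sample data standing in for the DNS zone and for a full two-level TLD table.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample data (assumptions, not real zone contents).
LISTED = {"helpfulinfobox.com"}
TWO_LEVEL_TLDS = {"co.uk", "com.au", "co.jp"}


def host_of(url):
    """Lower-cased host name of a URL, without a trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def candidates(host):
    """Names to look up, from the full host down to the registered domain."""
    try:
        ipaddress.ip_address(host)
        return []  # IP literals are listed differently; not handled here
    except ValueError:
        pass
    labels = [l for l in host.split(".") if l]
    # Keep three labels under a two-level TLD (example.co.uk), else two.
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_TLDS else 2
    if len(labels) < keep:
        return []
    return [".".join(labels[i:]) for i in range(len(labels) - keep + 1)]


def check(url, listed=LISTED):
    """Return the first candidate name found on the list, else None."""
    for name in candidates(host_of(url)):
        if name in listed:
            return name
    return None


if __name__ == "__main__":
    for u in ("http://i.net.helpfulinfobox.com/?ggobwyvaxpngp",
              "http://z.foo.helpfulinfobox.com/",
              "http://www.example.co.uk/"):
        print(u, "->", candidates(host_of(u)), "hit:", check(u))
```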