http://bugzilla.spamassassin.org/show_bug.cgi?id=3827
------- Additional Comments From [EMAIL PROTECTED] 2004-09-30 10:05 ------- I think I should update what the pros and cons of this listing non-ICANN-registrar domain boundaries are, since there seems to be some confusion. When we initially considered how SURBL and other RHSBL-style domain tests should work, we considered the possible abusable holes that spammers could use. This is one of them. Here's how it works: 1. if we only list ICANN-registrar domain boundaries (ie, "com", "co.uk", "info", "cn" et al), then we have a smaller regexp and less maintainance 2. however, if "sh.cn" is a small company that offers for-free or for-pay subdelegation to third parties, and a spammer registers "foo.sh.cn", but there are nonspam domains at "bar.sh.cn", "baz.sh.cn", we cannot list them (because we'd have to list "sh.cn" and hit all the nonspam domains too). in other words, we have a hole in our rules and in SURBL. 3. therefore we should list any "registrar boundary" where a company or organisation allows third parties to register domains under their domain, even if it's not an "official" one. (what is an "official" one anyway? do ICANN maintain a list of all the sub-ccTLD delegators, like whoever deals with registration for .co.uk, .ac.uk, et al?) So the danger is that if we cut the list down, we'll provide a hole spammers can drive through. If you all are OK with that, then fine ;) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
