Theo Van Dinter writes:
> On Mon, May 23, 2005 at 06:45:12PM -0500, [EMAIL PROTECTED] wrote:
> > Here's the algorithm:
> >
> > 1 Decode any URL-encoding in the message
> > 2 Un-MIME the message
>
> Wrong order?
>
> > 3 Scan all parts of the message for URLs and email addresses (this can be
> > links, IMG tags, mailto:'s, or even just something that looks like a web
> > address or email address). Do NOT scan the headers.
>
> get_uri_list().
>
> > 4 For each address, resolve the hostname to an IP and then look up that IP
> > in your favorite DNS RBL - I use "sbl-xbl.spamhaus.org" as it caches the most,
> > but you can also add bl.spamcop.net and relays.ordb.net
>
> SURBL?

A bit more like URIBL_SBL, although in URIBL_SBL, we use the NS of the
domains (because they're harder to switch to new servers in the spammer
shell-game style).

We did actually have an "A of domain name" test during 3.0.0 development,
I think, but dropped it for various reasons:

- if a spammer were to use a hostname like
  "jm_at_jmason_dot_org.spamdomain.com", they get a free backchannel to
  verify that I was (a) using SpamAssassin to filter my mail, and (b)
  that that address is valid. So blindly resolving the full hostname was
  judged as unsafe.

  However, replacing hostname portions with another token is not useful:
  assuming that "jm_at_jmason_dot_org.spamdomain.com" will have the same A
  as "spamdomain.com" or "www.spamdomain.com" is naive and easily evaded.

- more importantly, the results weren't very good. ;) Not as good as
  URIBL_SBL and the SURBL rules, at least. iirc, the hits mapped very
  closely to URIBL_SBL, esp since Spamhaus explicitly list nameservers of
  spammed domains.

The details should be on bugzilla somewhere. Thanks anyway though!

--j.
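
The difference between the two lookup strategies discussed in the message above, as an added sketch (not SpamAssassin code and not part of the original thread). The resolver is a constructed in-memory table, the nameserver names, IP addresses and listing are invented, and the two-label domain split is a simplifying assumption; the zone name is the one quoted in the message.

```python
# Added example; constructed data, no network access.
import ipaddress

# Constructed stand-in for DNS: (qname, qtype) -> answers. Addresses are from
# documentation ranges (RFC 5737); the listing below is invented for the demo.
FAKE_DNS = {
    ("spamdomain.com", "NS"): ["ns1.spamhost.example", "ns2.spamhost.example"],
    ("ns1.spamhost.example", "A"): ["192.0.2.53"],
    ("ns2.spamhost.example", "A"): ["198.51.100.53"],
    ("53.2.0.192.sbl-xbl.spamhaus.org", "A"): ["127.0.0.2"],
}

class RecordingResolver:
    """Answers from FAKE_DNS and logs every name that would go on the wire."""
    def __init__(self):
        self.sent = []

    def query(self, qname, qtype):
        self.sent.append(qname)
        return FAKE_DNS.get((qname, qtype), [])

def registered_domain(host):
    # Assumption: two-label registrable domains only. A real filter needs a
    # public-suffix-aware split (e.g. for example.co.uk).
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def dnsbl_name(ip, zone):
    # DNSBL convention: reversed IPv4 octets prepended to the list's zone.
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def ns_listed(host, resolver, zone="sbl-xbl.spamhaus.org"):
    """True if any nameserver of host's registered domain is listed in zone."""
    domain = registered_domain(host)  # per-recipient labels are dropped here
    for ns in resolver.query(domain, "NS"):
        for ip in resolver.query(ns, "A"):
            if resolver.query(dnsbl_name(ip, zone), "A"):
                return True
    return False

def naive_a_listed(host, resolver, zone="sbl-xbl.spamhaus.org"):
    """The dropped 'A of full hostname' test: sends host to the sender's DNS."""
    return any(resolver.query(dnsbl_name(ip, zone), "A")
               for ip in resolver.query(host, "A"))
```

Comparing `resolver.sent` after each call shows what leaves the filter: the NS-based check only ever queries the registered domain, its nameservers and the blocklist zone, while the naive check sends the recipient-tagged hostname verbatim.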