On Tue, 13 Apr 2004, Kelson Vibber wrote:

> Then SURBL should be fine.  It's just a RHSBL, built from domains
> advertised in spam rather than domains that (appear to) send it.  A client
> using SURBL just parses URLs out of the message and queries the domain
> names against the SURBL zone.

It still makes me nervous.  An attacker could put hundreds of URLs
in the message, leading to hundreds of SURBL lookups.  This kind of
traffic-amplification just screams DoS to me.  But then, I tend to
be more paranoid than most. :-)

I think SURBL should be used for (let's say) the first 20 URLs in a
message, and if there are more than 20 URLs in the message, it should get
a big spam score and further SURBL lookups suppressed.

Regards,

David.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
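
The cap proposed in the message above, as an added Python sketch (not code from the original post, MIMEDefang, or any SURBL client): only the first 20 URLs are ever looked up, and a message with more than 20 gets a fixed penalty. The zone name, score values, and function names are assumptions; the per-host cache goes slightly beyond the message, and hosts are queried as-is rather than reduced to a registered domain.

```python
import re
from urllib.parse import urlsplit

MAX_URLS = 20            # cap suggested in the message above
OVER_LIMIT_SCORE = 10.0  # assumed value for the "big spam score"
LISTED_SCORE = 4.0       # assumed score per listed host
ZONE = "surbl.example"   # placeholder zone name, not a real SURBL zone

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def url_hosts(body):
    """Host of every URL in the body, in order, duplicates kept.

    Unparseable URLs yield None so they still count toward the cap.
    """
    hosts = []
    for match in URL_RE.finditer(body):
        try:
            host = urlsplit(match.group(0)).hostname
        except ValueError:  # malformed authority, e.g. a broken IPv6 literal
            host = None
        hosts.append(host.lower().rstrip(".") if host else None)
    return hosts


def score_message(body, lookup, max_urls=MAX_URLS):
    """Score a message; lookup(qname) -> bool is the injected DNS check."""
    hosts = url_hosts(body)
    cache = {}                     # at most one query per distinct host
    for host in hosts[:max_urls]:  # URLs past the cap are never queried
        if host and host not in cache:
            cache[host] = lookup(f"{host}.{ZONE}")
    listed = sorted(h for h, hit in cache.items() if hit)
    over_limit = len(hosts) > max_urls
    score = LISTED_SCORE * len(listed)
    if over_limit:
        score += OVER_LIMIT_SCORE
    return {"score": score, "queries": len(cache),
            "listed": listed, "over_limit": over_limit}


if __name__ == "__main__":
    # Constructed sample: 300 distinct URLs, resolver stub that lists nothing.
    body = "\n".join(f"http://host{i}.example/buy" for i in range(300))
    print(score_message(body, lambda qname: False))
```

However many URLs a message carries, the number of DNS queries it can trigger is bounded by `max_urls`.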
