On Thursday, May 13, 2004, 7:49:49 AM, Matt Kettler wrote:
> At 03:47 PM 5/13/04 +0200, Jona Tallieu wrote:
>>Is there a way to use the SURBL-way of BL checking with
>>other lists like the Spamhaus lists, so that all the URLs
>>mentioned in the body of the mail are also checked
>>by the SBL-XBL lists of Spamhaus?
>>
>>Or maybe a new SURBL list can act as a copy of SBL-XBL?

> SURBL checks urls, based on their textual domain name. It uses the spamcop
> reporting system to collect URLs to list, but doesn't check the spamcop
> blacklist.

> sbl, and most other blacklists, check IP addresses. Also, since these lists
> are focused on mailservers and exploited boxes used in spamming, they
> generally won't have the IPs of the web-host in them anyway.

Spamhaus also has the IP addresses of a few of the web hosts, and as Jona pointed out separately, also some of the name servers of spam web site domains. But the majority of the spamhaus data are probably sending domains or sending IP addresses, i.e. some known source IP addresses of spam messages.

So the Spamhaus data which references some spam web sites can be used to block/tag messages, if the domains found in inbound messages are first resolved into IP addresses. SA commands such as uridnsbl in 3.0 will do that, but at the cost of name resolution on message URIs, which can be non-trivial, especially for a mail system that processes a large volume of messages.

> You'd be doing several extra DNS queries (resolve www.mypills.com to an IP,
> then resolve that IP against SBL), and it's not clear you'd have a decent
> hitrate, since SBL/XBL isn't intended to list the targets of your query.

Exactly. One of the advantages of SURBLs over the IP address way of checking message body URIs is the avoidance of needing to do name resolution on the inbound message body URI domains. That can be a substantial time and network traffic savings, especially on a busy server, given that timeouts need to be handled, etc.

For example if a spam has many unresolvable URI domains, it would delay the processing of mail, waiting for the blocking DNS queries to fail. (I almost hate to mention that and give spammers ideas.)

While the spamhaus data includes the IP addresses of some spam web servers, that is not the primary focus of their data. SURBL data on the other hand contains message body URI domains exclusively in sc.surbl.org, and mostly in the other lists such as ws.surbl.org.

Hope this helps,

Jeff C.
-- 
Jeff Chan
mailto:[EMAIL PROTECTED]
http://www.surbl.org/
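
Added example, not part of the original message or of SpamAssassin's code: a Python sketch comparing the DNS lookups a name-based SURBL check and an IP-based list check would issue for the same message body. The zone name `sbl-xbl.spamhaus.org`, the two-label domain reduction, the stub resolver and the sample body are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

SURBL_ZONE = "sc.surbl.org"        # list named in the message
IP_ZONE = "sbl-xbl.spamhaus.org"   # assumed zone name for the SBL-XBL list
URI_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def uri_hosts(body):
    """Unique hostnames of http(s) URIs in a message body, in order seen."""
    hosts = []
    for uri in URI_RE.findall(body):
        host = (urlsplit(uri).hostname or "").rstrip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def surbl_queries(hosts):
    """Name-based check: one list query per domain, no resolution first."""
    domains = []
    for h in hosts:
        # Simplification: registered domain = last two labels (no ccTLD rules).
        d = ".".join(h.split(".")[-2:])
        if d not in domains:
            domains.append(d)
    return [f"{d}.{SURBL_ZONE}" for d in domains]

def ip_list_queries(hosts, resolve):
    """IP-based check: resolve each host, then query the reversed IP.
    Returns (every lookup issued, hosts whose resolution failed)."""
    queries, failed = [], []
    for h in hosts:
        queries.append(h)          # A lookup; blocks until answer or timeout
        ip = resolve(h)
        if ip is None:
            failed.append(h)       # lookup cost paid, nothing left to check
            continue
        queries.append(".".join(reversed(ip.split("."))) + "." + IP_ZONE)
    return queries, failed

# Constructed sample: message body and a stub resolver (no network access).
SAMPLE_BODY = """Cheap meds: http://www.mypills.com/order?id=1
Mirror: http://shop.mypills.com/ and http://no-such-host.example/x"""
STUB_DNS = {"www.mypills.com": "192.0.2.10", "shop.mypills.com": "192.0.2.11"}

if __name__ == "__main__":
    hosts = uri_hosts(SAMPLE_BODY)
    print(surbl_queries(hosts))
    print(ip_list_queries(hosts, STUB_DNS.get))
```

On the constructed body the name-based path issues two lookups and the IP-based path five, one of which is the failed resolution that a real resolver would hold open until timeout.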
