-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Raymond Dijkxhoorn writes: > >> 1) Spammers can set up multiple ip addresses to an A record. Whatever > >> does the reporting should check all A records, from the top down. i.e. > >> query each NS multiple times to make sure it's not being round-robined or > >> reported differently from multiple DNS servers. > >> > >> 2) I can easily forsee spammers doing a wildcard subdomain as an effort to > >> thwart this, if we're doing nslookups. > > > they already do. this also opens a list-washing hole, as a hidden link > > to <a href=http://myaddress-rot13-encoded.spammer.com/> will be > > resolved, indicating to the spammer that some software at the remote end > > is resolving all links in the message. > > SURBL only takes the domain, so thats fine, its only a little feaky for > your nameserver, but then again, SA does rely on DNS a lot, so thats now > news :) Yeah. I was referring to the proposal to lookup IP addresses for href hostnames directly (instead of looking up the NS'es.) - --j. > > If OTOH you choose not to use the exact hostname parts of hrefs to avoid > > this, instead just resolving "www.spammer.com", they can then ensure that > > spammer.com and www.spammer.com do not resolve to hostnames and spam using > > links to notwww.spammer.com/payload.html instead. > > Very true. > > Bye, > Raymond. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Exmh CVS iD8DBQFBQNcEQTcbUG5Y7woRAtbTAJ9L6hI4sWLwiLA1mk2yfFdL7NE9UACggt3T SxYg3JIBYRicQuiWhMORQMY= =jgSy -----END PGP SIGNATURE-----
