Mailing List Archive

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From roy@gnomon.org.uk 2004-06-27 11:42 -------
The list of 3LDs under eu.org is here http://www.eu.org/opendomains.html

If eu.org is going to be listed under $TWO_LEVEL_DOMAINS then I think these
should probably be listed under $THREE_LEVEL_DOMAINS

-roy



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Do we really want to list private ones as well? There are going to be
hundreds upon hundreds. (Only 50% serious: Domains are so cheap, I
figure if a private listing supports spammers, then the whole darn thing
can be listed.)

Daniel

--
Daniel Quinlan
http://www.pathname.com/~quinlan/

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From quinlan@pathname.com 2004-06-27 17:04 -------
Subject: Re: Inconsistent coverage of private registries in RegistrarBoundaries.pm

Do we really want to list private ones as well? There are going to be
hundreds upon hundreds. (Only 50% serious: Domains are so cheap, I
figure if a private listing supports spammers, then the whole darn thing
can be listed.)

Daniel





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From jeffc@surbl.org 2004-06-27 17:45 -------
If the private registrars are even partially white hat we probably want to
include them in a TLD exclusion list so the registrar itself does not get
listed.

But more importantly, listing the private registrar's domain means that any
subdomains they register *can* be blocked on. In the current SURBL logic, if an
otherwise syntactically two level domain (like registrar.uk) is not listed as a
two level tld, then it's subdomains *can't* be listed. (If it's not
specifically listed then only registrar.uk could get blocked. If it *is* listed
then anysubdomains.registrar.uk can get blocked.)

FWIW we already detected and included eu.org and au.com in the SURBL list of two
level tlds, even though strictly speaking they're more like the private
registars, as Roy notes. I've added the other two level domains Roy found:
br.com, ... tel.no, etc.

1. If anyone knows of any others, please let us know. Posting on the SURBL and
SA discussion lists would be good.

2. It probably would be a good idea for SA3 to have a similar behavior by also
including these in RegistrarBoundaries.pm as Roy Suggests.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From jeffc@surbl.org 2004-06-27 18:11 -------
FWIW2, I've added the eu.org three-level-TLD-like things as a whitelist for
SURBLs. That prevents them from being blocked directly, but unlike thte
two-level-tld list probably does not allow their subdomains to be listed. I
should move SURBLs to a more generic handling of these, and/or re-visit the code
and see if it can be made to grab fourth level subdomains when three-level
domains are treated likt top level domains.

In the big picture however, these domains probably are not subject to as much
abuse as the generic TLDs like .biz, .info, .com, and the top geographic spam
TLD: .us .... :-(



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From spamassassin-contrib@msquadrat.de 2004-06-27 18:28 -------
As I already pointed out on a similar issue on bug 3467, is hardcoding
fluctutating stuff like this suboptimal. IMHO :) On the other hand do I have
no clue for what RegistrarBoundaries.pm is actually used.

Whatever, I suggest is the following (maybe something like this already exists
in SURBL):

Create a DNSDB from which one can query these boundaries. One queries
sub.domain.example.net (where example.net would be the domain of the DNSDB)
and gets back an 127/8 A record where the lowest byte is the number of levels
that provider uses (the rest is ingored). Samples:
www.msquadrat.de.example.net -> 127.0.0.1
malte.stretz.eu.org.example.net -> 127.0.0.2
foo.de.eu.org.example.net -> 127.0.0.3

In the codebase itself would only stay the official boundaries as a fallback.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From jeffc@surbl.org 2004-06-27 18:55 -------
Yes, we could set up a zone to distribute info about TLDs in a general way,
instead of trying to hard code it. That's probably a nice, network-centric
model for getting the information out. However it's probably more valuable for
completeness than actual spam fighting utility since spammers thus far do not
appear to be abusing obscure geographic TLDs for hosting their sites. So it's
somewhat a question of priorities versus style. Right now it's not too high on
the priority list. That said if spammers shifted to abusing these domains, it
could be a good solution.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From jm@jmason.org 2004-06-27 19:27 -------
Subject: Re: Inconsistent coverage of private registries in RegistrarBoundaries.pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Daniel Quinlan writes:
> Do we really want to list private ones as well? There are going to be
> hundreds upon hundreds. (Only 50% serious: Domains are so cheap, I
> figure if a private listing supports spammers, then the whole darn thing
> can be listed.)

Yes, we do, where they really do allow domain registration in the same way
that the TLDs do. (Some private "registrars" like eu.com have
more domains registered than a lot of the ccTLDs do.)

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFA34HRQTcbUG5Y7woRAms7AKCzHO+jpOlyhm5/hRP1J9t71Kg5LwCgoAtU
Zz2MLvzMscJOqtj3U+om2gQ=
=t2lk
-----END PGP SIGNATURE-----





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From jm@jmason.org 2004-06-27 19:36 -------
Subject: Re: Inconsistent coverage of private registries in RegistrarBoundaries.pm

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


[jeffc:]
>2. It probably would be a good idea for SA3 to have a similar behavior
>by also including these [br.com, ... tel.no, etc.] in
>RegistrarBoundaries.pm as Roy Suggests.

+1. agreed.

>In the big picture however, these domains [eu.org etc.] probably are not
>subject to as much abuse as the generic TLDs like .biz, .info, .com, and
>the top geographic spam TLD: .us .... :-(

But they *will* be if we leave that hole open.

IMO, we *have* to list these as 3-level registrar-boundaries, otherwise
we'll leave a gaping hole in the SURBL/URIBL functionality for spammers to
exploit. (we can't realistically BL eu.org or eu.com for example;
it's on the same level as listing tinyurl.com.)

[Malte:]
> As I already pointed out on a similar issue on bug 3467, is hardcoding
> fluctutating stuff like this suboptimal. IMHO :) On the other hand do I
> have no clue for what RegistrarBoundaries.pm is actually used.

This is *exactly* what RegistrarBoundaries.pm was designed to be used
for ;) that's the purpose of the module.

- --j.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFA34QiQTcbUG5Y7woRAmJxAKC7NGbUUdahb/yEpt1gteLbIRvmyQCdGfJd
H4ZZB9oAFu/xdD6lN3HtaHA=
=c5TY
-----END PGP SIGNATURE-----





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From roy@gnomon.org.uk 2004-06-28 03:14 -------
Found another one: dk.org

In fact dk.org seem to be behind the tel.no, tel.nr domains as well.

-roy



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.spamassassin.org/show_bug.cgi?id=3549





------- Additional Comments From jeffc@surbl.org 2004-06-28 03:57 -------
FWIW I've added dk.org to the SURBL two-level-tld list.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.