[Mimedefang] surbl
David F. Skoll
dfs at roaringpenguin.com
Tue Apr 13 12:20:17 EDT 2004
On Tue, 13 Apr 2004, Kelson Vibber wrote:
> Then SURBL should be fine. It's just a RHSBL, built from domains
> advertised in spam rather than domains that (appear to) send it. A client
> using SURBL just parses URLs out of the message and queries the domain
> names against the SURBL zone.
It still makes me nervous. An attacker could put hundreds of URLs
in the message, leading to hundreds of SURBL lookups. This kind of
traffic-amplification just screams DoS to me. But then, I tend to
be more paranoid than most. :-)
I think SURBL should be used for (let's say) the first 20 URLs in a
message, and if there are more than 20 URLs in the message, it should get
a big spam score and further SURBL lookups suppressed.
Regards,
David.
More information about the MIMEDefang
mailing list