I've been having a few spams slip through recently that aren't hitting some of the SURBLs. Upon checking them using the tool at:

http://www.rulesemporium.com/cgi-bin/uribl.cgi

I've noticed that some of the root domains are listed, but the full expanded domain may not be. For instance one spam has this URL in it:

http://i.net.helpfulinfobox.com/?ggobwyvaxpngp

Now helpfulinfobox.com is listed on ws, ob and multi, but
net.helpfulinfobox.com is not
i.net.helpfulinfobox.com is also not

It appears the spammer is using DNS wildcards as anything you throw before helpfulinfobox.com gets resolved.

dig z.foo.helpfulinfobox.com -> 222.47.122.8
dig yo.momma.helpfulinfobox.com -> 222.47.122.8

Question, is this an effective way to spoof SURBL checkers? Or does the checking code check each domain element in order looking for a hit:

i.net.helpfulinfobox.com
net.helpfulinfobox.com
helpfulinfobox.com

Thanks,
Jeremy
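
The lookup order the question describes, as an added example that is not part of the original post: a checker that walks from the full hostname down to the root domain still gets a hit on a wildcard subdomain, because the random labels are stripped before the last lookup. The `LISTED` set stands in for the DNS blocklist query, and `TWO_LEVEL_SUFFIXES`, `candidate_domains` and `first_listed` are names made up for this sketch.

```python
from urllib.parse import urlsplit

# Constructed sample data: a stand-in for the blocklist, holding the one
# root domain the post reports as listed. A real checker would do a DNS
# lookup here instead of a set membership test.
LISTED = {"helpfulinfobox.com"}

# Assumption: a tiny sample of two-level public suffixes, so that
# "example.co.uk" is never cut down to "co.uk". A real checker needs a
# complete, maintained list.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def candidate_domains(url):
    """Return the host and each parent domain, longest first, stopping at
    the root (registrable) domain, one label above the public suffix."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".") if host else []
    # Keep 3 labels when the last two form a known two-level suffix, else 2.
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    if len(labels) < keep:
        return []
    return [".".join(labels[i:]) for i in range(len(labels) - keep + 1)]


def first_listed(url, listed=LISTED):
    """Return the first candidate found in the list, or None if none is."""
    for domain in candidate_domains(url):
        if domain in listed:
            return domain
    return None


if __name__ == "__main__":
    # Hostnames taken from the post; both reduce to the same listed root.
    for u in ("http://i.net.helpfulinfobox.com/?ggobwyvaxpngp",
              "http://yo.momma.helpfulinfobox.com/"):
        print(u, "->", candidate_domains(u), "hit:", first_listed(u))
```

A checker that queries only the last entry of `candidate_domains` gets the same result with one lookup per URL instead of one per label.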