Steve Freegard wrote:
> I've been thinking about creating an emailBL to target dropboxes used
> for 419 scams, phishing, russian penpals etc. as I have a reasonable way
> to collect these in real-time and it would close a lot of doors on these
> folks provided I can avoid being caught by address stuffing.
>
> However - rather than trying to do some sort of munging to work with
> DNS; I was simply going to either MD5 or SHA1 the e-mail address e.g.
>
> s...@laptop-smf:~$ perl -MDigest::MD5 -e 'print
> Digest::MD5::md5_hex("s...@fsg.com").".emailbl.org\n"'
> 132e76bc8e252dee7c911ea2cde1f079.emailbl.org
I'm under the impression that DNSBLs reverse the IP address (e.g.
2.0.0.127.bl.spamcop.net) so the hierarchical ordering can be
preserved, but checksumming would be *significantly* better than my
proposal. Perhaps just the username, and perhaps a tighter hash (more
collisions, less DNS traffic), e.g. for your proffered sa @ fsg.com:
$ perl -MDigest::MD5 -e 'print substr(Digest::MD5::md5_hex("sa"),16) .
".fsg.com.emailbl.org\n"'
7e1e9e4aedb8242d.fsg.com.emailbl.org
$
> If you want to separate stuff out into different meanings e.g. the
> Google Anti-Phishing stuff; then just use a different sub-domain for each.
Ah, but DNSBLs and URIBLs already have that ability; they can answer
anything in the 127.0.0.0/8 space. Using a different sub-domain would
mean differing DNS lookups, which means more traffic (which is why if
you look at the SA code for Spamhaus's DNSBL, all queries go to
zen.spamhaus.org).
