On 6/10/2014 10:21 AM, Axb wrote: > All URI BLs I know of (SURBL/URIBL/DBL/Invaluement/etc) check & track > domain reputation otherwise they'd be unusable. > Their listings are not blind - they all have their secret sauce to > process before listing a domain.
Absolutely. As Axb and KAM and others stated, a very young domain age is too dangerous to outright block or score high on... but might be a good factor or good for combining with other rules. Also, if anyone does see spam that contain domains in the clickable links where that spam should have been blocked, but was not... then check the domain contained within the spam again the lookup found at http://multirbl.valli.org and/or http://mxtoolbox.com/blacklists.aspx (some months ago, MX Toolbox upgraded their system to check domains against URI/domain blacklists. In some cases, this could have been a game of inches where your user caught the "tip of the spear" and received the very first spams in a spam campaign that otherwise was quickly listed by the well known URI BLs. However, you may find that one or two good URI BLs are simply not implemented in your system--where that would have made all the difference! Those lookup forms will point you in the right direction. The same can also be true for checking sending IPs--then reviewing your current mix of sender's IP dnsbls (aka RBLs). Of course, don't fall into the trap of using a BL that catches much, but has too many FPs. But the list of URI BLs that Axb gave above are all extremely low-FP URI blacklists. -- Rob McEwen +1 (478) 475-9032
