On Fri, 5 May 2017 11:37:38 -0400 Rob McEwen wrote:
> Does RAZOR extract domains from links and checks them against a bad > domain database... sort of how SURBL works... and/or check the IP > that they resolve to? (I don't think so, but now I have to ask just > to be sure!) > > If not... this seems to go beyond checksum-checking of parts of a > message - this seems much more surgical/specific than that. > > Don't get me wrong... I'm a big fan of razor and of other > checksum-technologies. But I'm sort of shaken by this because I > always thought a FP for razor would be much more difficult due to > larger portions of a message having to match a checksum match in > order to have a hit. (sort of like a larger "fingerprint" that is not > easily duplicated in another innocent message, allegedly making FPs > practically impossible) razor2 supports multiple hash engines, but currently only engine 8 is used. This is based on a hash of URI domain name and message size in multiples of (I think) 100 bytes.
