> I assume that eventually this DNS query would respond with high trust: > > # dig alertsp.chase.com.dwl.dnswl.org
I wondered why this query suddenly appeared from dozens and dozens of sources in the log :) That is a good example, in that it shows one point to discuss: subdomains. At least in the dnswl.org data we currently have only very few subdomains (because historically we did not care about this). However in practice I believe this is pretty widely used (especially if third parties send email on behalf of the domain owner), so we need to pick up fast on this. The parent domain is listed in our database (chase.com.dwl.dnswl.org 127.0.2.2). I’m not sure whether the reputation of a parent zone should be „inherited“ by a child zone. Additionally it is a good example in terms of the score, which we currently calculate based on the score of the IPs associated with this entry. A lot of the JPMChase IPs are on trust-level hi, a few on medium, which is enough to result in an average medium score. There is room for improvement there :) — Matthias
