Bug 5014 - do URI blacklist checks on domains found in email addrs in body
Summary: do URI blacklist checks on domains found in email addrs in body
Status: NEW
Alias: None
Product: Spamassassin
Classification: Unclassified
Component: Libraries (show other bugs)
Version: SVN Trunk (Latest Devel Version)
Hardware: Other other
: P3 enhancement
Target Milestone: 4.0.0
Assignee: SpamAssassin Developer Mailing List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-30 06:29 UTC by Daryl C. W. O'Shea
Modified: 2019-06-24 15:31 UTC (History)
1 user (show)



Attachment Type Modified Status Actions Submitter/CLA Status
sample spam text/plain None Daryl C. W. O'Shea [HasCLA]

Note You need to log in before you can comment on or make changes to this bug.
Description Daryl C. W. O'Shea 2006-07-30 06:29:46 UTC
I still think we should do URI blacklist checks (SURBL/URIBL) on the domains of
email addresses found in the body of a message.  See bug 4201.

I'm seeing the fact that we don't check these being abused more and more often.
 It's quite noticable now.
Comment 1 Daryl C. W. O'Shea 2006-07-30 06:32:22 UTC
Created attachment 3614 [details]
sample spam

Sample spam message.  glorymorningz.com is listed on URIBL black (since
2006-07-21 16:01:04 GMT), but not checked.
Comment 2 Justin Mason 2006-07-30 10:34:08 UTC
do a mass-check with it on, vs. it off, so we can compare results.
(be sure to restart the DNS daemon between runs so caching
does not affect it.)
Comment 3 Theo Van Dinter 2006-07-30 16:00:55 UTC
(In reply to comment #2)
> do a mass-check with it on, vs. it off, so we can compare results.
> (be sure to restart the DNS daemon between runs so caching
> does not affect it.)

Also, the email addr domains should be considered low priority to avoid email
addr dos'ing of the check ala "empty anchor text" was doing.
Comment 4 Jeff Chan 2006-07-31 15:38:57 UTC
I'd like to point out that SURBLs weren't meant to be used this way, and it will
increasw our nameserver queries.  Unless it results in a radical improvement in
spam detection, I would oppose it.
Comment 5 Justin Mason 2006-12-12 12:40:23 UTC
moving RFEs and low-priority stuff to 3.3.0 target
Comment 6 Justin Mason 2010-01-27 02:20:47 UTC
moving most remaining 3.3.0 bugs to 3.3.1 milestone
Comment 7 Justin Mason 2010-01-27 03:16:32 UTC
reassigning, too
Comment 8 Justin Mason 2010-03-23 16:33:48 UTC
moving all open 3.3.1 bugs to 3.3.2
Comment 9 Karsten Bräckelmann 2010-03-23 17:42:51 UTC
Moving back off of Security, which got changed by accident during the mass Target Milestone move.
Comment 10 Henrik Krohns 2019-06-24 15:31:22 UTC
Any ideas if we should check mailto:foo@bar.net domains from URIBLs these days?

Maybe tflag emails_only would help to create rules for specific blacklists. :-)