[64143] in North American Network Operators' Group
Re: more on VeriSign to revive redirect service
daemon@ATHENA.MIT.EDU (Chris Lewis)
Thu Oct 16 14:08:59 2003
Date: Thu, 16 Oct 2003 13:46:44 -0400
From: "Chris Lewis" <clewis@nortelnetworks.com>
Cc: nanog@merit.edu
In-Reply-To: <200310161553.h9GFrEUY012051@turing-police.cc.vt.edu>
Errors-To: owner-nanog-outgoing@merit.edu
Valdis.Kletnieks@vt.edu wrote:
> On Thu, 16 Oct 2003 10:16:53 CDT, Andrew D Kirch <trelane@trelane.net> said:
>
>>I would certainly say there's an elitism, or perhaps a higher level of
>>credibility given to a .com or .net site, due to the fact that they've probably
>>existed for quite a bit longer than a .biz or .info.
> Most of my spam points back to .com addresses. Not much credibility generated
> there...
> There's sufficient churn on the bottom-feeding .com's that it's not a reliable
> indicator. Now you want *stability*, look for a site that's got a .arpa other than
> in-addr.arpa :)
On the other hand, in our spam filters, we have a content filter block
on the string ".biz" followed by a slash (I'm spelling it out because I
don't think I've whitelisted this list). It works surprisingly well.
Out of several tens of thousands of blocks per week on that rule, we
get, perhaps, 3 FP reports. Which is an acceptable level of FPs given
the overall effectiveness. Most of them are resolved by advising the
sender to not end http://foo.bar.biz site-level URLs with a slash.
