How are randomized subdomains or host names handled?
The randomized subdomain problem is solved by extracting the base domain on both the SURBL data and message-checking client sides then comparing those base domains. In this way any random stuff added to the base domain is ignored. (The base domain is what would be registered with a name registrar.) We’ve seen quite a few randomized or customized (to a username for example) host names in some of the top pill sites. There are different possible reasons for the randomization: to add chaos to the names to throw off message body checkers, or perhaps to “key” pill site web visits to specific mailings in order to build a confirmed mailing list. (Such confirmed mailing lists themselves are probably a valuable commodity to sell to other senders.) Randomization doesn’t throw us off though; we catch them from the base domain part, which can’t change.
