This article applies to:
- Trustwave MailMarshal (SEG)
Question:
How do I check if URLs in a message body are valid and listed in DNS?
Symptom:
- Spam with URLs is not being caught by the URLCensor.
- Some spam is not being stopped by the URLCensor
Procedure:
A common spamming tactic involves registering a new domain and immediately sending out a burst of spam messages with hyperlinks pointing to a website on the new domain. During the initial message delivery there is a good chance that the message will not yet be listed on any DNS based block list. It may, in fact, may be so new that the domain name has not propagated fully in DNS. This article outlines how to target this behavior by confirming that links in the message body point to domains that actually exist in DNS.
Note: Given the nature of the DNS check, this rule could also trigger on accidentally misspelled domain names in URLs.
To create this DNS checking rule:
- Download the file DomainChecker.zip from the Article Attachments section below.
- Unpack the DomainChecker.xml file into your {Install}\Config folder.
- Create the following rule in the MailMarshal Configurator.
Content Analysis: DNS URL Checker
When a message arrives
Where the message is incoming
Where the message is categorized as 'DNS URL Checker'
Move the message to 'DNS URL Invalid'
- Commit configuration changes.
Notes:
This method requires the domain being checked to have a valid A record in DNS. Domains without A records in DNS will be classified as non-existent by the above process.
- This article was previously published as:
- NETIQKB45534
