Use ZRD for domains of urls in mail?

[drott]

Hostnames in URLs of the content seem to be checked against the DBL list, but not the ZRD list. I suggest to add that (if I am not missing anything.)

I see some spam that contains links to newly registered domains but are not sent from these domains or do not contain email addresses to ZRD-contained lists.

Would it make sense to add a check against ZRD for hostnames of URLs in the content, maybe in this form (untested example)?

    spamhaus_zrd_links {
	ignore_defaults = true;
	no_ip = true;
	rbl = "your_DQS_key.zrd.dq.spamhaus.net";
	selector = 'urls:get_host'
        disable_monitoring = true;
         returncodes = {
           SH_LINK_ZRD_VERY_FRESH_DOMAIN = [
             "127.0.2.[2-4]+"
           ];
           SH_LINK_ZRD_FRESH_DOMAIN = [
             "127.0.2.[5-9]+",
             "127.0.2.1[0-9]+",
             "127.0.2.2[0-4]+"
           ];
         SH_LINK_ZRD_DONT_QUERY_IPS = [ "127.0.2.255" ];
       }
    }

[pmcintyre]

Has already been in the plugin since at least 2019.

[drott]

Has already been in the plugin since at least 2019.

What do you refer to by "plugin" here? Something in upstream rspamd so that it wouldn't need custom configuration as done by the scripts/configs in this repo?