I wouldn't be surprised if, given the volume of new domains to be blocked (like for a malware list), there's some automation involved. And since malicious domains can be absolutely nutty it seems particularly hard to manually review for an attack like this.
Ultimately I suspect that getting fuzzing integrated, lots of testing, etc, would be wise. It would also make sense to limit the lists you subscribe to - there's not really a ton of reason, in my opinion, to subscribe to more than a basic list.
Ultimately I suspect that getting fuzzing integrated, lots of testing, etc, would be wise. It would also make sense to limit the lists you subscribe to - there's not really a ton of reason, in my opinion, to subscribe to more than a basic list.