It'll be interesting when Microsoft, Google, Dell, and other huge sites are listed in that gray list.
All open redirs are going to be listed on our gray uribl list. We are still finishing up the infrastructure now. Already have a bunch of mirrors. So as soon as its up, I'm sure a lot of these guys will sit up and take notice at their emails being blocked.
Our list will consider ANY open redirector to be in the same category as an open mail relay.
I've already started looking for more of these open redirs.
--Chris _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
I'm not so sure - I suspect they may do nothing, and RBL will go unused.
How will the maintainers of this new RBL deal with either of these scenarios?
A - Mail admins start using the redir-SURBL or whatever they're calling it, and everyone complains that mail from these sites isn't working, and the admins are pressured into disabling the feature. This will decrease its the RBLs popularity, and there's no pressure on those listed to work to get off the list, since no one's using it.
B - Because big organizations are listed, no one adopts it because they know it will be a nightmare to deal with complaints. There is no pressure to get off an un-used RBL, so no one changes the bad behaviour.
Maybe I'm missing something, but since these domains are included in SO MANY ham emails, there's no chance I'd think of enabling this in my environment.
Perhaps the redirect-SURBL (or whatever it's called..) could look at the full URL, not just the FQDN. Really you don't want to block dell.com, you want to block dell.com/some-insecure-redir/foo.php etc.
I hope this didn't all sound negative but to make this effort worthwhile someone has to figure it out.
John Delisle, CISA Senior Network Analyst, Network and Security Team Information Systems & Technology Management Dept. Ceridian Canada Ltd 600 - 125 Garry St Winnipeg, MB R3C 3P2 204-975-5909
"Matthew Wilson" matthew@boomer.com Sent by: discuss-bounces@lists.surbl.org 04/14/2005 12:35 PM Please respond to SURBL Discussion list discuss@lists.surbl.org
To "SURBL Discussion list" discuss@lists.surbl.org cc
Subject RE: [SURBL-Discuss] Capital One redirector
It'll be interesting when Microsoft, Google, Dell, and other huge sites are listed in that gray list.
All open redirs are going to be listed on our gray uribl list. We are still finishing up the infrastructure now. Already have a bunch of mirrors. So as soon as its up, I'm sure a lot of these guys will sit up and take notice at their emails being blocked.
Our list will consider ANY open redirector to be in the same category as an open mail relay.
I've already started looking for more of these open redirs.
--Chris _______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
_______________________________________________ Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
-
John_Delisle@ceridian.ca -
Matthew Wilson