Even though zdnet.com shouldn't be in SURBL, wouldn't having chkpt.zdnet.com (the actual site doing the redirect) be in SURBL?
-----Original Message-----
From: Jeff Chan [mailto:jeffc@surbl.org]
Sent: Tuesday, March 22, 2005 12:38 AM
To: users@spamassassin.apache.org
Cc: SURBL Discuss
Subject: Re: ZDNET redirecting to spammer websites?
On Monday, March 21, 2005, 11:32:45 AM, Bobby Rose wrote:
Wouldn't this just be something that SURBL should take care of? If this URL is the source of spam then it should be in SURBL regardless if it's in the zdnet.com domain. Right!?
Which domain are you referring to?
zdnet.com should not be in SURBLs because it has too many legitimate uses. If we listed zdnet.com that would surely result in false positives.
On the other hand viags.com and simply-rx.net should be listed in SURBLs, *and they are*.
What's needed is for applications like SpamAssassin to parse the redirection correctly and check both zdnet.com and viags.com. zdnet.com should not match SURBLs, but viags.com should.
QED.
Jeff C.
-----Original Message-----
From: Rosenbaum, Larry M. [mailto:rosenbaumlm@ornl.gov]
Sent: Monday, March 21, 2005 10:35 AM
To: users@spamassassin.apache.org
Subject: ZDNET redirecting to spammer websites?
We received a drug spam containing the following URL:
http://chkpt.zdnet.com/chkpt/supposedtoallow/fdl%2ev%69%61%67%73.co%6d /p /b/kmioa
This URL will actually take you to fdl.viags.com (which then goes to www.simply-rx.net). As far as I know, the SA SURBL check will check zdnet.com, not the spammer domain viags.com. What is going on here, and what should we do about it?
Larry
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/
On Tuesday, March 22, 2005, 4:13:33 AM, Bobby Rose wrote:
Even though zdnet.com shouldn't be in SURBL, wouldn't having chkpt.zdnet.com (the actual site doing the redirect) be in SURBL?
Good thought, but there are two problems with that:
1. SURBLs usually list only registered domains like zdnet.com and not subdomains. Obviously we're not going to blacklist zdnet.com; it has too many legitimate uses.
2. Similarly we can't list chkpt.zdnet.com. It's being abused, but it clearly has legitimate uses too.
Jeff C.
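An added example, not part of the original thread and not SpamAssassin's own code: one way a filter could handle the redirector URL from the first message, undoing the percent-encoding and reducing every hostname it finds to a registered domain before lookup. The `LISTED` set stands in for a real SURBL DNS query, and the two-label `registered_domain` reduction and all function names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed stand-in for SURBL lookups (real checks are DNS queries).
LISTED = {"viags.com", "simply-rx.net"}

# The URL quoted in the thread, stray spaces included.
SAMPLE_URL = ("http://chkpt.zdnet.com/chkpt/supposedtoallow/"
              "fdl%2ev%69%61%67%73.co%6d /p /b/kmioa")

# Hostname-shaped token: dot-separated labels ending in an alphabetic TLD.
HOST_RE = re.compile(
    r"(?<![a-z0-9.-])(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}(?![a-z0-9-])",
    re.I)

def registered_domain(host):
    """Naive reduction to the last two labels. Assumption: production code
    needs a two-level-TLD / public-suffix list for names like example.co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def domains_to_check(url, max_rounds=3):
    """Registered domains for the URL's own host plus any hostnames hidden
    in the path or query behind percent-encoding."""
    parts = urlsplit(url)
    found = [registered_domain(parts.hostname or "")]
    rest = parts.path + "?" + parts.query
    for _ in range(max_rounds):        # repeat to undo double encoding (%252e)
        decoded = unquote(rest)
        if decoded == rest:
            break
        rest = decoded
    # Over-matching (e.g. "story.html") is harmless: candidates are only
    # looked up, and unlisted names simply do not hit.
    for match in HOST_RE.finditer(rest):
        dom = registered_domain(match.group(0))
        if dom not in found:
            found.append(dom)
    return found

def listed_domains(url):
    """Domains from the URL that hit the (constructed) blocklist."""
    return [d for d in domains_to_check(url) if d in LISTED]

if __name__ == "__main__":
    print(domains_to_check(SAMPLE_URL), listed_domains(SAMPLE_URL))
```

The redirector's own domain is still checked but does not hit, while the embedded target does, so neither zdnet.com nor chkpt.zdnet.com has to be listed.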