-----Original Message----- From: John_Delisle@ceridian.ca [mailto:John_Delisle@ceridian.ca] Sent: Thursday, April 14, 2005 2:31 PM To: SURBL Discussion list Subject: RE: [SURBL-Discuss] Capital One redirector

I'm not so sure - I suspect they may do nothing, and RBL will go unused.

How will the maintainers of this new RBL deal with either of these scenarios?

A - Mail admins start using the redir-SURBL or whatever they're calling it, and everyone complains that mail from these sites isn't working, and the admins are pressured into disabling the feature. This will decrease its the RBLs popularity, and there's no pressure on those listed to work to get off the list, since no one's using it.

B - Because big organizations are listed, no one adopts it because they know it will be a nightmare to deal with complaints. There is no pressure to get off an un-used RBL, so no one changes the bad behaviour.

Maybe I'm missing something, but since these domains are included in SO MANY ham emails, there's no chance I'd think of enabling this in my environment.

Perhaps the redirect-SURBL (or whatever it's called..) could look at the full URL, not just the FQDN. Really you don't want to block dell.com, you want to block dell.com/some-insecure-redir/foo.php etc.

I hope this didn't all sound negative but to make this effort worthwhile someone has to figure it out.

All good points John. And don't we haven't thought of that. We will have the ability to disable all the redirs listed in at our whim. So if it goes that way, we can do it. We can also right some rules for this.

It took a awhile for people to block open relays. I expect this will go exactly the same way.

And please, before Jeff has a heart attack, this has nothing to do with SURBL. Just call it the Gray URIBL. Otherwise Jeff will have gray hairs ;)

--Chris