By the way, my only suggestion to combat this is to have the surbl client send an http request to google, to see what redirect site is returned, and then check *that* site in SURBL or in the other redirects. If the use of this technique picks up, google is going to have that additional burden.
Who really uses the "I'm Feeling Lucky" button anyway?
-----Original Message----- From: discuss-bounces@lists.surbl.org [mailto:discuss-bounces@lists.surbl.org] On Behalf Of Matthew Wilson Sent: Wednesday, March 23, 2005 7:39 AM To: SURBL Discussion list Subject: [SURBL-Discuss] google is open redirector
See the following link. By using "I'm Feeling Lucky", a spammer just has to rank at the top of google's searches for *any* search, meaningful or not.
http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=G
GLC,GGLC:1
969-53,GGLC:en&q=blank+check+paper%2C+magnetic+ink+for+inkjets
&btnI=I'm%
20Feeling%20Lucky
Matthew Wilson, MCSE (2003), MCSA-Messaging Network Administrator matthew@boomer.com Boomer Consulting, Inc. 610 Humboldt Manhattan, KS 66502 http://www.boomer.com http://www.boomer.com/ 1-888-266-6375 x 17
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
Matthew Wilson wrote:
By the way, my only suggestion to combat this is to have the surbl client send an http request to google, to see what redirect site is returned, and then check *that* site in SURBL or in the other redirects. If the use of this technique picks up, google is going to have that additional burden.
This is a serious concern. But your suggestion would need a pretty good amount of change in code and similar technique can probably be used in other search engines. so first the code need to check whether the URL contains google or not and then fire the url and trap back the response. That may cause more delay in the reply. As SURBL works on the DNS resolution and not on dynamic queries for every mails. Which will be required in this case.
What best we can do is look for FQDNs in the urls and if we find any also check them against SURBLs.
Who really uses the "I'm Feeling Lucky" button anyway?
Matthew Wilson wrote:
By the way, my only suggestion to combat this is to have the surbl client send an http request to google, to see what redirect site is returned, and then check *that* site in SURBL or in the other redirects. If the use of this technique picks up, google is going to have that additional burden.
I've added a spamassassin rule for this (see below). I don't expect to see many false positives, though time will tell... As you say,
Who really uses the "I'm Feeling Lucky" button anyway?
# 2005-03-23 new rule uri local_GOOGLE_LUCKY /(?:\bgoogle\b)*&btnI=/i describe local_GOOGLE_LUCKY Redirect through Google Feeling Lucky score local_GOOGLE_LUCKY 2.0
John.
-
John Wilcock -
Matthew Wilson -
Rakesh