[SURBL-Discuss] Re: Anti-SURBL technique ?

Jeff Chan jeffc at surbl.org
Fri May 28 05:37:49 CEST 2004


On Friday, May 28, 2004, 3:48:15 AM, Rikhardur EGILSSON wrote:
> From: jdow [mailto:jdow at earthlink.net]

  See: http://article.gmane.org/gmane.mail.spam.spamassassin.general/50187

>> If it hurts when you put your finger in the pencil sharpener and turn the
>> crank don't do it.
>> Simply cancel all redirects as spam. If someone legitimate is not courteous
>> enough to send it "clear" then "scroom."

> Good point, but how do I do that ?

> If I understand the SURBL documentation correctly
> "spamcop_uri_resolve_open_redirects" will only work on those domains
> explicitly named in "open_redirect_list_spamcop_uri" not every spammer
> throwaway domain..

We could probably put together a small paper on the subject
of redirection sites.  First thing to note is that there are
different types.  Some like the yahoo redirection site show
the destination URI clearly contained within the original URI.
Others like tinyurl or the spammer redirection site you found
encode the destination site so that it's not plainly visible in
the original URI.  The latter have been called "opaque" and the
former "open" redirections.  Probably there are other names
also, but you get the idea.

urirhsbl in SA 3.0 will check all the domains visible in the
URI against the SURBL it's called on (perhaps up to some limited
number of URIs), including checking the redirection sites
themselves.  If the "redirect resolution" feature is enabled,
SpamCopURI in SA 2.63 will attempt to resolve the Location header
using the redirection server, but I'm not sure whether it can do
so on an opaque redirection or not.

All of the previous answers also apply.  Reporting spams to
SpamCop which have any visible black hat redirection sites will
get them into sc.surbl.org unless we specifically whitelist them,
which we would not do for purely spammer redirectors such as
the one you found.  In that way, even an opaque redirection site
will get listed if it's a bad guy redirection site, as opposed
to a mostly legitimate one like Yahoo's.

Jeff C.
-- 
Jeff Chan
mailto:jeffc at surbl.org
http://www.surbl.org/
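
The open/opaque distinction described in the message above, as an added example that is not part of the original post and is not SpamAssassin or SpamCopURI code: it collects every hostname plainly visible in a URI (the set a URI blocklist check can look up without following the redirect) and labels the URI accordingly. The `.example` hostnames, the `REDIRECTORS` set and the sample URIs are constructed; reducing hosts to registered domains and the DNS lookup itself are left out.

```python
import re
from urllib.parse import urlsplit, unquote

EMBEDDED_URI = re.compile(r"https?://", re.IGNORECASE)
HOST_CHARS = re.compile(r"[a-z0-9.-]+")

def _host(uri):
    """Hostname of `uri`, or None if it cannot be parsed."""
    try:
        host = urlsplit(uri).hostname or ""
    except ValueError:            # e.g. malformed bracketed IPv6 literal
        return None
    m = HOST_CHARS.match(host)    # cut at '&' etc. left over from a query string
    return (m.group(0).strip(".") or None) if m else None

def visible_hosts(uri, max_decodes=3):
    """Every hostname plainly visible in `uri`, outermost first, no duplicates."""
    decoded = uri
    for _ in range(max_decodes):  # undo nested percent-encoding, bounded
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    hosts = []
    for m in EMBEDDED_URI.finditer(decoded):
        host = _host(decoded[m.start():])
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def classify(uri, redirectors):
    """Return (kind, hosts): kind is 'direct', 'open' or 'opaque'."""
    hosts = visible_hosts(uri)
    if not hosts or hosts[0] not in redirectors:
        return "direct", hosts
    # A known redirector with no destination in the URI hides where it leads.
    return ("open" if len(hosts) > 1 else "opaque"), hosts

# Constructed stand-in for a list of known redirection sites.
REDIRECTORS = {"rd.redirector.example", "short.example"}
SAMPLES = [  # constructed URIs
    "http://rd.redirector.example/*http://pills.example/buy",
    "http://rd.redirector.example/go?u=http%253A%252F%252Fpills.example%252Fbuy",
    "http://short.example/3xk9q",
    "http://www.shop.example/catalog",
]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(classify(uri, REDIRECTORS), uri)
```

For the opaque case only the redirector's own hostname is available to look up, which is why listing the redirection site itself is what catches it.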


