[SURBL-Discuss] More spams with Zdnet redirector

Jeff Chan jeffc at surbl.org
Thu Apr 7 12:47:46 CEST 2005

On Thursday, April 7, 2005, 2:58:19 AM, Nick Askew wrote:
> The vast majority of people on the Internet do not know or care what ZDNet 
> is. The only time they are going to see a ZDNet URL is when it arrives as 
> part of some spam. They would quickly benefit if ZDNet was listed.

I disagree.  ZDnet is a well known technology news site.
If we listed it, then anyone who mentioned their site could
get their message blocked.  I think that would be wrong.

> If I were to open my SMTP server so that any spammer could use it to 
> redirect mail I'd be prepared to bet that I would end up (quite rightly) on 
> a black list within hours and yet despite the warnings ZDNet have taken 
> weeks and done next to nothing and are still not black listed.

Sure, but sender RBLs are not the same as what we're doing.
Listing a mail server/sender is not the same as listing a domain
to be checked against URIs.  If we listed your domain askew.nl it
would mean mentions of your web site would get messages blocked.
That has a lot more impact than just blacklisting your mail
server since it means no one (using SURBLs) would hear mention
your web site.

Many people keep thinking in terms of old-fashioned RBLs, but
we're doing something quite different.  :-)

> Actually it's just occured to me that all this illicit spam traffic could be 
> quite useful for someone running a redirector. All they need to do is make 
> it look like you are open for a couple of weeks and get the spammers really 
> interested. Then intercept the illegal redirects to create traffic for their 
> own site. They can effectively spam anyone they want without having to worry 
> about the implications because after all they didn't actually do anything 
> wrong. I'll have to quickly create my own redirector and then sit back and 
> wait for the hits.

Not sure what you're saying.  If spammers created their own
domains for redirecting spam, we would blacklist those domains
and blacklist the domains they redirected to.

I doubt that any legitimate organizations would gain much from
intercepting and redirecting spammer's use of their redirectors.
More likely it would make people mad at them for appearing to
advertise their own site using spam.  How many spam fighters
would like that?  Probably not many.

Jeff C.
"If it appears in hams, then don't list it."

More information about the Discuss mailing list