[SURBL-Discuss] More spams with Zdnet redirector
Patrik Nilsson
patrik at patrik.com
Thu Apr 7 21:45:51 CEST 2005
At 00:13 2005-04-07 -0700, Jeff Chan wrote:
>On Wednesday, April 6, 2005, 11:58:31 PM, Nick Askew wrote:
> > Jeff,
>
> > So it seems that there is an obvious loophole in SURBL. As long as the
> > spammer uses a legitimate business running a redirector you will never
> black
> > list them (perhaps the spammer could even set up their own legitimate
> > redirector). This open redirector discussion for ZDNET has been open for
> > several weeks now, they have had more than ample warning.
>
> > Nick
>
>No, it's not a loophole. Programs like SpamAssassin and
>SpamCopURI correctly parse some redirection sites like
>g.msn.com and check the redirected-to site.
That workaround is part of the problem, not part of the solution.
If we encourage client implementations to work around the problem in that
way, we will always have:
1. Clients that need to be updated with the latest redirectors, unless we
provide and encourage implementations to use a constantly updated online
source of redirectors.
2. Major redirectors getting included in the special work-arounds, like
Google, and smaller ones not getting included.
If we believe that open redirectors are bad, we should not solve the
problem by working around a few major ones that we are currently aware of.
Patrik
More information about the Discuss
mailing list