[SURBL-Discuss] More spams with Zdnet redirector

Jeff Chan jeffc at surbl.org
Fri Apr 8 04:55:27 CEST 2005

On Thursday, April 7, 2005, 12:45:51 PM, Patrik Nilsson wrote:
> At 00:13 2005-04-07 -0700, Jeff Chan wrote:
>>On Wednesday, April 6, 2005, 11:58:31 PM, Nick Askew wrote:
>> > Jeff,
>> > So it seems that there is an obvious loophole in SURBL. As long as the
>> > spammer uses a legitimate business running a redirector you will never 
>> black
>> > list them (perhaps the spammer could even set up their own legitimate
>> > redirector). This open redirector discussion for ZDNET has been open for
>> > several weeks now, they have had more than ample warning.
>> > Nick
>>No, it's not a loophole.  Programs like SpamAssassin and
>>SpamCopURI correctly parse some redirection sites like
>>g.msn.com and check the redirected-to site.

> That workaround is part of the problem, not part of the solution.

> If we encourage client implementations to work around the problem in that 
> way, we will always have:

> 1. Clients that need to be updated with the latest redirectors, unless we 
> provide and encourage implementations to use a constantly updated online 
> source of redirectors.

> 2. Major redirectors getting included in the special work-arounds, like 
> Google, and smaller ones not getting included.

> If we believe that open redirectors are bad, we should not solve the 
> problem by working around a few major ones that we are currently aware of.

> Patrik 

Our solution is to detect and check the big ones, and try
to get all of them to not be open to spammers.

What's your solution?  Blacklisting all open redirectors?
So no one should be able to mention them?

Jeff C.
"If it appears in hams, then don't list it."

More information about the Discuss mailing list