[SURBL-Discuss] RE: ZDNET redirecting to spammer websites?

Rose, Bobby brose at med.wayne.edu
Tue Mar 22 13:13:33 CET 2005


Even though zdnet.com shouldn't be in SURBL, wouldn't having
chkpt.zdnet.com (the actually site doing the redirect) be in SURBL?

-----Original Message-----
From: Jeff Chan [mailto:jeffc at surbl.org] 
Sent: Tuesday, March 22, 2005 12:38 AM
To: users at spamassassin.apache.org
Cc: SURBL Discuss
Subject: Re: ZDNET redirecting to spammer websites?

On Monday, March 21, 2005, 11:32:45 AM, Bobby Rose wrote:
> Wouldn't this just be something that SURBL should take care of?  If 
> this URL is the source of spam then it should be in SURBL regardless 
> if it's in the zdnet.com domain.  Right!?

Which domain are you referring to?

zdnet.com should not be in SURBLs because it has too many legitimate
uses.  If we listed zdnet.com that would surely result in false
positives.

On the other hand viags.com and simply-rx.net should be listed in
SURBLs, *and they are*.

What's needed is for applications like SpamAssassin to parse the
redirection correctly and check both zdnet.com and viags.com.
zdnet.com should not match SURBLs, but viags.com should.

QED.

Jeff C.
__

> -----Original Message-----
> From: Rosenbaum, Larry M. [mailto:rosenbaumlm at ornl.gov]
> Sent: Monday, March 21, 2005 10:35 AM
> To: users at spamassassin.apache.org
> Subject: ZDNET redirecting to spammer websites?

> We received a drug spam containing the following URL:

> http://chkpt.zdnet.com/chkpt/supposedtoallow/fdl%2ev%69%61%67%73.co%6d
> /p
> /b/kmioa

> This URL will actually take you to fdl.viags.com (which then goes to 
> www.simply-rx.net).  As far as I know, the SA SURBL check will check 
> zdnet.com, not the spammer domain viags.com.  What is going on here, 
> and what should we do about it?

> Larry




Jeff C.
--
Jeff Chan
mailto:jeffc at surbl.org
http://www.surbl.org/




More information about the Discuss mailing list