[SURBL-Discuss] google is open redirector

Rakesh rakesh at netcore.co.in
Wed Mar 23 16:29:00 CET 2005


Matthew Wilson wrote:

>By the way, my only suggestion to combat this is to have the surbl
>client send an http request to google, to see what redirect site is
>returned, and then check *that* site in SURBL or in the other redirects.
>If the use of this technique picks up, google is going to have that
>additional burden.  
>
>  
>
This is a serious concern.  But your suggestion  would need a pretty 
good amount of change in code and similar technique can probably be used 
in other search engines. so first the code need to check whether the URL 
contains google or not and then fire the url and trap back the response. 
That may cause more delay in the reply. As  SURBL works on the DNS 
resolution and not on dynamic queries for every mails. Which will be 
required in this case.

What best we can do is look for FQDNs in the urls and if we find any 
also check them against SURBLs.

>Who really uses the "I'm Feeling Lucky" button anyway?
>
>  
>


-- 
Regards, 
Rakesh B. Pal
Emergic CleanMail Team.
Netcore Solutions Pvt. Ltd.

========================================================================
"First they ignore you. Then they laugh at you.
Then they fight you. Then you win."
                                                - M. Gandhi
========================================================================




More information about the Discuss mailing list