[SURBL-Discuss] google is open redirector

John Wilcock john at tradoc.fr
Wed Mar 23 17:02:24 CET 2005


Matthew Wilson wrote:
> By the way, my only suggestion to combat this is to have the surbl
> client send an http request to google, to see what redirect site is
> returned, and then check *that* site in SURBL or in the other redirects.
> If the use of this technique picks up, google is going to have that
> additional burden.  

I've added a spamassassin rule for this (see below).
I don't expect to see many false positives, though time will tell...
As you say,

> Who really uses the "I'm Feeling Lucky" button anyway?


# 2005-03-23 new rule
uri	 local_GOOGLE_LUCKY	/(?:\bgoogle\b)*&btnI=/i
describe local_GOOGLE_LUCKY	Redirect through Google Feeling Lucky
score    local_GOOGLE_LUCKY	2.0


John.

-- 
-- Over 2500 webcams from ski resorts around the world - www.snoweye.com
-- Translate your technical documents and web pages    - www.tradoc.fr



More information about the Discuss mailing list