[SURBL-Discuss] google is open redirector

Chris Santerre csanterre at MerchantsOverseas.com
Wed Mar 23 18:14:47 CET 2005

John can I get your permission to add this to the SARE URI rules?


>-----Original Message-----
>From: John Wilcock [mailto:john at tradoc.fr]
>Sent: Wednesday, March 23, 2005 11:02 AM
>To: SURBL Discussion list
>Subject: Re: [SURBL-Discuss] google is open redirector
>Matthew Wilson wrote:
>> By the way, my only suggestion to combat this is to have the surbl
>> client send an http request to google, to see what redirect site is
>> returned, and then check *that* site in SURBL or in the 
>other redirects.
>> If the use of this technique picks up, google is going to have that
>> additional burden.  
>I've added a spamassassin rule for this (see below).
>I don't expect to see many false positives, though time will tell...
>As you say,
>> Who really uses the "I'm Feeling Lucky" button anyway?
># 2005-03-23 new rule
>uri	 local_GOOGLE_LUCKY	/(?:\bgoogle\b)*&btnI=/i
>describe local_GOOGLE_LUCKY	Redirect through Google Feeling Lucky
>score    local_GOOGLE_LUCKY	2.0
>-- Over 2500 webcams from ski resorts around the world - 
-- Translate your technical documents and web pages    - www.tradoc.fr

Discuss mailing list
Discuss at lists.surbl.org

More information about the Discuss mailing list