Yes. It immediately exposes a backchannel from the spam to the spammer,
thereby enabling a number of interesting security holes.

--j.

On Wed, May 27, 2009 at 05:25, Rob McEwen <r...@invaluement.com> wrote:
> Jason Haar wrote:
>> Why can't SURBL be expanded to support
>> full URLs instead of just the hostname? That way you could blacklist
>> "a.bad.domain" as well as "xttx://tinyurl . com/redirect-to-bad-domain"?
>> Some form of BASE64 encoding would be needed of course, but why not?
>
> Because spammers could easily generate a unique URL for each individual
> spam. They could then map this back to listings in URI blacklists and
> use that as a very cheap and effective way to listwash. And they only
> need to add a single asterisked hostname in their DNS server to
> accomplish this. As a result of this and similar tactics, URI lists
> would bloat exponentially and this would slow down the propagation of
> the data to rsync users and to DNS mirrors, as well as bringing the
> backend processing to its knees. Finally, there is some amount of
> reputation and registration (even if hidden) associated with a domain
> due to the fact that a domain *requires* ownership. URLs and subdomains
> are more ambiguous, which then also makes removal requests an extremely
> subjective and murky process.
>
> --
> Rob McEwen
> http://dnsbl.invaluement.com/
> r...@invaluement.com
> +1 (478) 475-9032
>
>
>
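
The difference between domain-level and full-URL listing discussed in this thread, as an added example that is not part of the original messages. The zone name `uribl.example`, the tiny suffix set, the sample campaign URLs and the hashed full-URL key format are all assumptions made for illustration.

```python
import hashlib
import ipaddress
from urllib.parse import urlsplit

# Constructed, deliberately tiny stand-in for a public-suffix list.
TWO_LEVEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
ZONE = "uribl.example"  # placeholder zone, not a real blacklist


def registered_domain(url):
    """Reduce a URL to the domain that someone had to register."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host  # IP literals have no registered domain; keep as-is
    except ValueError:
        pass
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL_SUFFIXES else 2
    if len(labels) < keep or "" in labels:
        return None
    return ".".join(labels[-keep:])


def domain_query(url):
    """Lookup key for a domain-level list: one key per registered domain."""
    dom = registered_domain(url)
    return f"{dom}.{ZONE}" if dom else None


def full_url_query(url):
    """Hypothetical full-URL key: a hash of the whole URL as one DNS label
    (a stand-in for the encoding proposed in the thread)."""
    return hashlib.sha1(url.encode()).hexdigest() + "." + ZONE


def sample_campaign(n):
    """Constructed sample: every message carries its own hostname and path,
    all of which a single wildcard DNS record would answer for."""
    return [f"http://r{i:04d}.bad.example/offer?id={i}" for i in range(n)]


def distinct_keys(urls, keyfn):
    return {keyfn(u) for u in urls}


if __name__ == "__main__":
    urls = sample_campaign(500)
    print("domain-level keys:", len(distinct_keys(urls, domain_query)))
    print("full-URL keys:    ", len(distinct_keys(urls, full_url_query)))
```

With domain-level keys the whole campaign is covered by one listing, while the full-URL scheme needs one listing per message and each key identifies a single message.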
