302 HTTP redirects Considered Harmful
The state of anti-phishing infrastructure nowadays is shocking. This trivial action, combined with a relatively fresh domain, results in immediate blocklisting by Google:
Digging through Google forums, I found the most reported culprit: 302 temporary redirects. I used one redirect (engramma.dev → app.engramma.dev) to avoid building a landing page. In addition to a newly registered domain, this looks like an obvious issue. Security systems flag such redirects because malicious actors use them extensively.
It doesn't matter that "malicious actors use them extensively" if non-malicious actors do too. That's the definition of a false positive!
Then the next shitfest is from no less than 10 separate vendors copying the listing from Google and not including an automated system to pick up the list removal afterwards.
I've had experience of this part -- and now that I think of it, it may have been from use of 302 redirects in my case too.
(via Paul Watson)
Tags: http security infosec blocklists google phishing redirects 302 false-positives fail via:paulwatson