On Friday, September 10, 2004, 9:17:47 AM, Frank Ellermann wrote:
Jeff Chan wrote:
That should be almost impossible; in that case the hoster would be the spammer. In other words, it's not your problem.
Probably right. It means the hoster has control over the IP, which I agree most virtual hosting customers do not have.
Thinking again (new day, more coffee): Let's say I'm the spammer and care shit about my account and other users. Then I could replace http://www.xyzzy.claranet.de/ by a traditional http://home.de.clara.net/xyzzy/. And I could replace the host by its IP http://212.82.225.58/xyzzy/. That could hit another http://212.82.225.58/user/. OTOH, why should "user" mention this kind of URL with an IP in his mail? Even if he doesn't like http://www.user.claranet.de for obscure reasons he could still use the URL http://home.claranet.de/user or http://home.de.clara.net/user instead of an IP.
Certainly many users don't even know what a numeric IP address is, so I agree they'd be more likely to use a name. We do see a few IP addresses in spam URIs, but they're rare.
And I as spammer would know that users don't like IPs in URLs, I'd use a double redirection like http://xyzzy.webhop.info/. Abusing the IP makes no sense, neither directly nor as joe job.
But remember that some of the code using SURBLs *can* follow some redirection to the final destination. So the redirection doesn't always hide them.
Jeff C.
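An added example, not part of the original mail: how a URI-blocklist client would derive the lookup key for each URL form discussed in the thread, and why a listing on the numeric IP also matches the other user's URL on the same shared host. The function names, the "last two labels" shortcut for the registered domain, and the use of the multi.surbl.org zone for the query name are assumptions of this sketch; it builds names only and performs no DNS queries.

```python
import ipaddress
from urllib.parse import urlsplit

ZONE = "multi.surbl.org"  # assumed zone; any URI blocklist zone works the same way


def lookup_key(url):
    """Return the key a URI-blocklist client would check for this URL."""
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError("no host in URL: %r" % url)
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        # Assumption for this sketch: the registered domain is the last two
        # labels. Real clients consult a table of two-level TLDs instead.
        return ".".join(host.split(".")[-2:])
    # Numeric hosts are looked up with the octets reversed, as in DNSBLs.
    return ".".join(reversed(str(ip).split(".")))


def query_name(url):
    """DNS name that would be queried for this URL."""
    return lookup_key(url) + "." + ZONE


def matches(listed_keys, urls):
    """URLs whose lookup key is in the (constructed) set of listed keys."""
    return [u for u in urls if lookup_key(u) in listed_keys]


# URLs taken from the thread above.
THREAD_URLS = [
    "http://www.xyzzy.claranet.de/",
    "http://home.de.clara.net/xyzzy/",
    "http://212.82.225.58/xyzzy/",
    "http://212.82.225.58/user/",
    "http://xyzzy.webhop.info/",
]

if __name__ == "__main__":
    for u in THREAD_URLS:
        print("%-36s -> %s" % (u, query_name(u)))
    # Constructed scenario: only the shared host's IP is listed.
    print(matches({"58.225.82.212"}, THREAD_URLS))
```

The path component never enters the key, so an IP-level listing cannot distinguish /xyzzy/ from /user/ on the same address.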