On 08/03/11 18:54, Dave Warren wrote:
On 8/3/2011 3:33 PM, Ron Guerin wrote:
SURBL Whitelisters wrote:
Perhaps the abusers have code that creates a shortened link but doesn't check that it works, and they spam the shortened link anyway whether it works or not.
I have found it to be the case, that abuse links are most often never checked to see if they actually work after creation. I don't really track hits to disabled redirections, so I'm not speaking from facts now, but I suspect at least some of the already disabled URLs do in fact get used even though they'd been disabled long before the actual abuse takes place. The kind of attention to detail I see in the abuse (I have one IP address that I blocked years ago that continually tries to submit abuse still) would not lead me to conclude they bother checking the URLs just before use either.
This makes sense, given the lack of attention to detail spammers put into their craft in general. Perhaps it would be worthwhile if SURBL's (and others') processes included checking pages for 400 error codes before sending (automated?) abuse reports?
Not sure if this is material to this discussion or not. This morning, we got some spam with URL's in it that pointed to fake 404 pages, which then tried to download a trojan exe from yet another site.
This was part of the Federal tax payment rejected (yes I am in the US) series that appeared overnight on my mail servers.
BTW, I routinely click on these as my normal workstation is a linux box and 99.9% of these target Windoze boxes.
Lyle Giese LCR Computer Services, Inc.