On Sunday, January 14, 2007, 4:24:17 PM, Kelly Jones wrote:
Thanks, Jeff. My mistake here. My example was too simple.
I was thinking more of things where the "http://" is replaced with "http/0/", or the URL is hex-encoded or percent-encoded, and even redirectors that don't need "http://" in the target at all.
In other words, redirectors where the target isn't obviously a URL. Simple examples:
http://redirector.site/http/0/www.target.site/path [no "http://"] http://redirector.site/www.target.site/path [no http at all] http://redirector.site/target.site/path [hard to tell this is a redirect]
Current SpamAssassin catches all of the above.
and even worse examples where the target site is "%23%26%29..." or whatever. Some redirectors "de-encode" %xx by accident, and spammers can use that to mask their domain name from SpamAssassin, etc.
These too, as Daryl mentions.
It'd be good to have a list of redirectors so any URL could be "canonized" and then people could check the canonized URL against SURBL.
Any list can be used by both the good guys and the bad guys.
Jeff C. -- Don't harm innocent bystanders.