On Saturday, April 16, 2005, 1:39:02 PM, SM wrote:
Why are open redirectors being abused? The simple answer is because they are open. The detailed answer is because some antispam filters perform URI checks to block messages. Is it be possible to detect which URIs are redirectors and identify the target URIs instead of going on an open redirect chase?
Yes, urirhssub in SpamAssassin 3 will check every visible URI, even if it's mentioned within a redirector:
http://some.redirector.com/blah/blah/http://some.othersite.com/
Both redirector.com and othersite.com above would get checked, and including some variations on those. But http://tinyurl.com/blah won't get the redirected-to site checked since it's invisible in the original message.
SpamCopURI in SpamAssassin 2.64 will check the redirected-to sites of certain known redirector sites such as:
open_redirect_list_spamcop_uri snurl.com *.snurl.com open_redirect_list_spamcop_uri snipurl.com *.snipurl.com open_redirect_list_spamcop_uri tinyclick.com *.tinyclick.com open_redirect_list_spamcop_uri babyurl.com *.babyurl.com open_redirect_list_spamcop_uri lin.kz *.lin.kz open_redirect_list_spamcop_uri *.v3.net open_redirect_list_spamcop_uri shorl.com *.shorl.com open_redirect_list_spamcop_uri tinyurl.com *.tinyurl.com open_redirect_list_spamcop_uri xurl.us
In addition, if the following conf is uncommented, it will ask the redirection server to tell it the site being redirected to and will then check that site:
# open redirect resolution off by default # spamcop_uri_resolve_open_redirects 1
Perhaps the SpamAssassin and SpamCopURI authors can provide more detailed info, corrections, etc. on the above, but the quick answer is that some provisions for checking redirected-to sites is already in place.
Jeff C. -- "If it appears in hams, then don't list it."