On Sunday, July 25, 2004, 7:11:17 PM, Rob McEwen wrote:
RE: someone found a way to beat SURBL
They take the following url:
and follow this by their own URL HTMLEncoded
The trick is for the parser to be able to find and decode this HTMLEncoded url when gathering URLs for checking against SURBL.
I purposely did not send this to the discussion group because I didn't want this to be "out there" for spammers to know about. However, it would be good for the various "parser writers" for the various software programs that work with SURBL to be aware of this.
Hi Rob, This sounds like redirection handling, for which there is code in SpamCopURI and urirhsbl, etc. The more specific question is whether that redirection handling code calls parsing code that knows how to decode HTML Encoded URLs. I'm hoping the answer is yes, but will leave it up to Eric Kolve, Justin Mason and other developers to answer (and/or update the code :-).
Jeff C.