Rob McEwen wrote:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&D... inUrl=http://mymt.co.kr/.cgi-bin/eBaySuspension/signin.ebay.com/aw-%3Ecgi/sec
ure/eBayISAPI.dllSignIn-ssPageName->hhsin.php?MfcISAPICommand=SignInFPP&Usin gSSL=1&email=
Erm, it's called a redirector. Did you try the URL? ebay's site redirects to the URL in the DomainURL parameter.
Whatever you call it, it's bad news for any parser which might not grab and extract the referenced URL for SURBL checking.
Also, this leads to additional questions:
(1) Are there legitimate "business purposes" for ebay to have such a redirector in the first place?
To a certain limited extent, yes
(2) If so, are there legitimate reasons for such a redirector to EVER show up in legitimate e-mails?
To that extent, yes
(3) If not, does anyone know of a "clearinghouse" page where ALL such types of redirectors are listed so that rules could be built to block e-mails containing these (using rules-based blocking)? Also, are there already SA rules for such?
Rob McEwen
eBay should certainly realize that they are imparting a degree of authority to URLs that are redirected in this manner. They may even be liable for damages. Best practices probably dictate that they keep a list of URLs that are legitimate redirection destinations, and limit redirection to those URLs - on attempts to feed the redirector any other URL, they should pop up big ugly error messages saying "someone's trying to phish you (or maybe we forgot to update our list)"
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
-
Matthew.van.Eerde@hbinc.com