I'm making a flyer to distribute at the CEAS spam conference next week and would appreciate any feedback on it please:
http://www.surbl.org/flyer.html
The audience should be mostly academics and some industry and Internet types who work on fighting spam. The conference appears to be mostly about technical and some legal theories for identifying and fighting spam. Here's the program:
http://www.ceas.cc/acceptedpapers.htm
Please send me your comments, improvements, suggestions, typos, errors, grammar, etc.
Jeff C.
RE: someone found a way to beat SURBL
They take the following url:
and follow this by their own URL HTMLEncoded
The trick is for the parser to be able to find and decode this HTMLEncoded url when gathering URLs for checking against SURBL.
I purposely did not send this to the discussion group because I didn't want this to be "out there" for spammers to know about. However, it would be good for the various "parser writers" for the various software programs that work with SURBL to be aware of this.
Rob McEwen PowerView Systems rob@PowerViewSystems.com (478) 475-9032
On Sunday, July 25, 2004, 7:11:17 PM, Rob McEwen wrote:
RE: someone found a way to beat SURBL
They take the following url:
and follow this by their own URL HTMLEncoded
The trick is for the parser to be able to find and decode this HTMLEncoded url when gathering URLs for checking against SURBL.
I purposely did not send this to the discussion group because I didn't want this to be "out there" for spammers to know about. However, it would be good for the various "parser writers" for the various software programs that work with SURBL to be aware of this.
Hi Rob, This sounds like redirection handling, for which there is code in SpamCopURI and urirhsbl, etc. The more specific question is whether that redirection handling code calls parsing code that knows how to decode HTML Encoded URLs. I'm hoping the answer is yes, but will leave it up to Eric Kolve, Justin Mason and other developers to answer (and/or update the code :-).
Jeff C.
On Sunday, July 25, 2004, 9:23:59 PM, Jeff Chan wrote:
On Sunday, July 25, 2004, 7:11:17 PM, Rob McEwen wrote:
They take the following url:
and follow this by their own URL HTMLEncoded
We should probably also ask Brad at Google if he can ask some folks there to consider using SURBLs to deny access to spammers, as other redirection sites are now doing.
Jeff C.
Hi Jeff,
I will look into this. I had already contacted the images.google.com people about the other redirect you mentioned, but it looks like there are some other holes.
-brad
On Sun, 25 Jul 2004 21:25:47 -0700, Jeff Chan jeffc@surbl.org wrote:
On Sunday, July 25, 2004, 9:23:59 PM, Jeff Chan wrote:
On Sunday, July 25, 2004, 7:11:17 PM, Rob McEwen wrote:
They take the following url:
and follow this by their own URL HTMLEncoded
We should probably also ask Brad at Google if he can ask some folks there to consider using SURBLs to deny access to spammers, as other redirection sites are now doing.
Jeff C.
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
Can you send me a sample? SpamCopURI should handle these. If they don't, I should be able to add something to do it.
--eric
On Sun, Jul 25, 2004 at 10:11:17PM -0400, Rob McEwen wrote:
RE: someone found a way to beat SURBL
They take the following url:
and follow this by their own URL HTMLEncoded
The trick is for the parser to be able to find and decode this HTMLEncoded url when gathering URLs for checking against SURBL.
I purposely did not send this to the discussion group because I didn't want this to be "out there" for spammers to know about. However, it would be good for the various "parser writers" for the various software programs that work with SURBL to be aware of this.
Rob McEwen PowerView Systems rob@PowerViewSystems.com (478) 475-9032
On Sun, Jul 25, 2004 at 10:11:17PM -0400, Rob McEwen wrote:
and follow this by their own URL HTMLEncoded
As with the other SURBL tools you've heard about, qpsmtpd's uribl has been immune to this trick since its first revision, along with URI encoding, HTML entity encoding, quoted-printable escape-obfuscation, and missing or backslash obfuscation.
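Added example, not part of the thread and not code from SpamCopURI, urirhsbl or qpsmtpd: a sketch of the parser-side fix discussed above, decoding HTML entities and URI escapes before collecting every hostname in a message, including one nested behind a redirector. It covers only those two encodings (not quoted-printable or backslash obfuscation); all hostnames and sample bodies are constructed, and MAX_PASSES is an assumed limit.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# Lookahead so that a URL nested inside another URL's query string is also found.
NESTED_URL_RE = re.compile(r"(?=(https?://[^\s\"'<>]+))", re.IGNORECASE)
MAX_PASSES = 5  # assumed bound on stacked encodings, so decoding always terminates


def decode_layers(text):
    """Undo HTML entities and %-escapes repeatedly until the text stops changing."""
    for _ in range(MAX_PASSES):
        decoded = unquote(html.unescape(text))
        if decoded == text:
            break
        text = decoded
    return text


def hosts_for_lookup(body):
    """Return the unique hostnames in body, in order, for blocklist lookup."""
    hosts = []
    for match in NESTED_URL_RE.finditer(decode_layers(body)):
        try:
            host = urlsplit(match.group(1)).hostname
        except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
            continue
        if host:
            host = host.rstrip(".")
            if host not in hosts:
                hosts.append(host)
    return hosts


# Constructed sample: redirector URL followed by an HTML-entity-encoded target.
ENTITY_SAMPLE = (
    '<a href="http://redirector.example/url?q='
    "&#104;&#116;&#116;&#112;&#58;&#47;&#47;&#115;&#112;&#97;&#109;&#46;example/offer"
    '">click</a>'
)
# Constructed sample: target percent-encoded twice.
DOUBLE_SAMPLE = "http://redirector.example/go?to=http%253A%252F%252Fpills.example%252F"

if __name__ == "__main__":
    print(hosts_for_lookup(ENTITY_SAMPLE))
    print(hosts_for_lookup(DOUBLE_SAMPLE))
```

A scanner would still reduce each hostname to its registered domain before querying a list; that step is left out here.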
Jeff Chan wrote:
I'm making a flyer to distribute at the CEAS spam conference next week and would appreciate any feedback on it please:
MailScanner is listed as a product that can utilize SURBL, but I don't know if that makes sense since MailScanner only uses it via SpamAssassin. If you list MailScanner you might as well list Amavis and all the other fancy ways of calling SA.
Daniel
On Tuesday, July 27, 2004, 12:27:59 AM, Daniel Kleinsinger wrote: (Jeff C. wrote:)
I'm making a flyer to distribute at the CEAS spam conference next week and would appreciate any feedback on it please:
MailScanner is listed as a product that can utilize SURBL, but I don't know if that makes sense since MailScanner only uses it via SpamAssassin. If you list MailScanner you might as well list Amavis and all the other fancy ways of calling SA.
Thanks for your feedback Daniel. To be honest, I'm not familiar with MailScanner. Does MailScanner include or depend on SA? The main reason I was aware of MailScanner is that I heard from some users that they were using SURBLs.
Jeff C.
Jeff Chan wrote:
If you list MailScanner you might as well list Amavis and all the other fancy ways of calling SA.
Thanks for your feedback Daniel. To be honest, I'm not familiar with MailScanner. Does MailScanner include or depend on SA? The main reason I was aware of MailScanner is that I heard from some users that they were using SURBLs.
Jeff C.
http://mailscanner.info MailScanner doesn't include or depend on SA (without SA one can still check for viruses and do old fashioned RBL lookups), but the only way to have MailScanner check SURBLs is to utilize its ability to call SA 2.63 + SpamCopURI or SA 3.0.
Daniel
On Tuesday, July 27, 2004, 1:36:53 AM, Daniel Kleinsinger wrote:
http://mailscanner.info MailScanner doesn't include or depend on SA (without SA one can still check for viruses and do old fashioned RBL lookups), but the only way to have MailScanner check SURBLs is to utilize its ability to call SA 2.63 + SpamCopURI or SA 3.0.
OK Thanks for that. I've taken MailScanner off the flyer.
http://www.surbl.org/flyer.html
Does anyone have any other comments for me?
Jeff C.
Jeff Chan wrote:
http://www.surbl.org/flyer.html Does anyone have any other comments for me?
For obscure reasons my browser doesn't like your new version with frames, but I found a working simplification:
<frameset rows="10%,80%,10%" frameborder="0">
  <FRAME src="flyer-top.html" frameborder="0" >
  <FRAMESET cols="50%,50%" frameborder="0">
    <FRAME src="flyer-col1.html" frameborder="0" >
    <FRAME src="flyer-col2.html" frameborder="0" >
  </FRAMESET>
  <FRAME src="flyer-bottom.html" frameborder="0" >
</frameset>
Hello Jeff,
You can include j-chkmail on the list. The version with URLBL enabled is a snapshot, but it's already running on some huge production servers. And people are happy with it.
Also, I didn't see your name on the program...
Jeff Chan wrote:
I'm making a flyer to distribute at the CEAS spam conference next week and would appreciate any feedback on it please:
http://www.surbl.org/flyer.html
The audience should be mostly academics and some industry and Internet types who work on fighting spam. The conference appears to be mostly about technical and some legal theories for identifying and fighting spam. Here's the program:
http://www.ceas.cc/acceptedpapers.htm
Please send me your comments, improvements, suggestions, typos, errors, grammar, etc.
Jeff C.
On Tuesday, July 27, 2004, 2:32:54 AM, Jose Cruz wrote:
Hello Jeff,
You can include j-chkmail on the list. The version with URLBL enabled is a snapshot, but it's already running on some huge production servers. And people are happy with it.
Thanks, I've added mention of j-chkmail to the flyer. Please let us know when SURBL support goes into production and we can announce it more broadly, etc.
Also, I didn't see your name on the program...
Yes, I didn't hear about the conference until after the call for papers had closed. However they will have an area for flyers and I plan to bring a stack of them.
Jeff C.
Jeff Chan wrote:
I'm making a flyer to distribute at the CEAS spam conference next week and would appreciate any feedback on it please:
http://www.surbl.org/flyer.html
The audience should be mostly academics and some industry and Internet types who work on fighting spam. The conference appears to be mostly about technical and some legal theories for identifying and fighting spam. Here's the program:
http://www.ceas.cc/acceptedpapers.htm
Please send me your comments, improvements, suggestions, typos, errors, grammar, etc.
Jeff C.
Jeff C.
Jeff Chan wrote:
On Tuesday, July 27, 2004, 2:32:54 AM, Jose Cruz wrote:
Hello Jeff,
You can include j-chkmail on the list. The version with URLBL enabled is a snapshot, but it's already running on some huge production servers. And people are happy with it.
Thanks, I've added mention of j-chkmail to the flyer. Please let us know when SURBL support goes into production and we can announce it more broadly, etc.
But please change the URL to
That one on sourceforge is out of date.