On Wednesday, June 2, 2004, 2:10:58 PM, Lucas Albers wrote:
I noticed this release does not have support for:
open_redirect_list_spamcop_uri drs.yahoo.com open_redirect_list_spamcop_uri rd.yahoo.com
Why not?
Should I just add them back in?
I currently has these listed: open_redirect_list_spamcop_uri snurl.com *.snurl.com open_redirect_list_spamcop_uri snipurl.com *.snipurl.com open_redirect_list_spamcop_uri tinyclick.com *.tinyclick.com open_redirect_list_spamcop_uri babyurl.com *.babyurl.com open_redirect_list_spamcop_uri lin.kz *.lin.kz open_redirect_list_spamcop_uri *.v3.net open_redirect_list_spamcop_uri shorl.com *.shorl.com open_redirect_list_spamcop_uri tinyurl.com *.tinyurl.com open_redirect_list_spamcop_uri xurl.us
As I understand it, SpamCopURI only handles "open" redirects where the redirected-to site is visible in the original URI.
I'm not sure why/if the yahoo redirectors came out of the list. Perhaps Eric Kolve can comment.
"Opaque" redirection sites, which encode or otherwise obscure the destination URI, such as tinyurl.com, are not currently handled in SpamCopURI (SA 2.63) or urirhsbl (SA 3.0), due to potential resource issues. Following such redirections would incur network access, timeouts, etc. that would probably be unusable on a mail system with significant message volume.
Jeff C.
From: "Jeff Chan"
As I understand it, SpamCopURI only handles "open" redirects where the redirected-to site is visible in the original URI.
I'm not sure why/if the yahoo redirectors came out of the list. Perhaps Eric Kolve can comment.
"Opaque" redirection sites, which encode or otherwise obscure the destination URI, such as tinyurl.com, are not currently handled in SpamCopURI (SA 2.63) or urirhsbl (SA 3.0), due to potential resource issues. Following such redirections would incur network access, timeouts, etc. that would probably be unusable on a mail system with significant message volume.
SpamCopURI can resolve both types of redirectors. This is because (when enabled) it will go out and connect to the web server for the spamvertized site IF that site is listed as an open redirector. If spamcopuri gets a 3XX return code from the web server, this will contain the redirected to url. (If the url is also an open redirector, then the operation is repeated up to 4 times to pick up nested chains of redirectors).
There is nothing specific to this functionality which would apply to yahoo and not to tinyurl. tinyurl is actually already included in the sample rules file.
This is my current setup: open_redirect_list_spamcop_uri drs.yahoo.com open_redirect_list_spamcop_uri rd.yahoo.com *.rd.yahoo.com open_redirect_list_spamcop_uri ads.msn.com g.msn.com open_redirect_list_spamcop_uri snipurl.com *.snipurl.com open_redirect_list_spamcop_uri tinyclick.com *.tinyclick.com open_redirect_list_spamcop_uri babyurl.com *.babyurl.com open_redirect_list_spamcop_uri lin.kz *.lin.kz open_redirect_list_spamcop_uri *.v3.net open_redirect_list_spamcop_uri shorl.com *.shorl.com open_redirect_list_spamcop_uri tinyurl.com *.tinyurl.com open_redirect_list_spamcop_uri google.com *.google.com open_redirect_list_spamcop_uri xurl.us
It would be a good idea to add any of these which are missing to the default configuration.
I think the confusion may be around the definition of an *open* redirector. AFAIK, in this context "open" is meant to indicate those sites which allow anyone to create a redirected url without any type or registration, so that there is little chance of stopping the service being abused by spammers (like an open mail relay which will allow anyone to use it without a prior arrangement with the mail server admin).
In reality, the spamcopuri code is general and will work whether the url destination is in "clear" or "opaque" or whether it was created by a registered or unregistered user of the redirection service (which it can't possibly know).
John
On Wednesday, June 2, 2004, 11:39:02 PM, John Fawcett wrote:
From: "Jeff Chan"
As I understand it, SpamCopURI only handles "open" redirects where the redirected-to site is visible in the original URI.
I'm not sure why/if the yahoo redirectors came out of the list. Perhaps Eric Kolve can comment.
"Opaque" redirection sites, which encode or otherwise obscure the destination URI, such as tinyurl.com, are not currently handled in SpamCopURI (SA 2.63) or urirhsbl (SA 3.0), due to potential resource issues. Following such redirections would incur network access, timeouts, etc. that would probably be unusable on a mail system with significant message volume.
SpamCopURI can resolve both types of redirectors. This is because (when enabled) it will go out and connect to the web server for the spamvertized site IF that site is listed as an open redirector. If spamcopuri gets a 3XX return code from the web server, this will contain the redirected to url. (If the url is also an open redirector, then the operation is repeated up to 4 times to pick up nested chains of redirectors).
There is nothing specific to this functionality which would apply to yahoo and not to tinyurl. tinyurl is actually already included in the sample rules file.
Thanks much for the clarification John.
Jeff C.