Hello,
Is this something Yahoo should be concerned with? Would SURBL lists flag spam if the leading url was yahoo?
http://rds.yahoo.com/*-http://www.thelumbercartel.com/
I caught a few spams using yahoo to disguise their URL. saw somthing like this:
http://rds.yahoo.com/S=1/K=r/v=3/e=0/t=0/i=1/r=1/*-http://google.com.s1gns.n...
Just curious what you guys thought.
On Monday, May 16, 2005, 11:11:46 PM, J. Fowler wrote:
Hello,
Is this something Yahoo should be concerned with?
Yes.
Would SURBL lists flag spam if the leading url was yahoo?
No, but SURBL lists don't flag anything. That's left to the application using SURBLs.
In the case of SpamAssassin, it would check thelumbercartel.com and also yahoo.com (SA 3.X, but not SA 2.64). If thelumbercartel.com were blacklisted, then it would get caught.
I caught a few spams using yahoo to disguise their URL. saw somthing like this:
http://rds.yahoo.com/S=1/K=r/v=3/e=0/t=0/i=1/r=1/*-http://google.com.s1gns.n...
Just curious what you guys thought.
If you run it through SpamAssassin or any other application that knows how to deal with visible redirections like this you should see it detected correctly.
See for example:
http://www.surbl.org/faq.html#redirect
Cheers,
Jeff C. -- Don't harm innocent bystanders.
Hi!
Is this something Yahoo should be concerned with? Would SURBL lists flag spam if the leading url was yahoo?
Nope.
http://rds.yahoo.com/*-http://www.thelumbercartel.com/
I caught a few spams using yahoo to disguise their URL. saw somthing like this:
The old plugin could follow these links....
Bye, Raymond.
On Tuesday, May 17, 2005, 2:38:07 AM, Raymond Dijkxhoorn wrote:
http://rds.yahoo.com/*-http://www.thelumbercartel.com/
I caught a few spams using yahoo to disguise their URL. saw somthing like this:
The old plugin could follow these links....
SpamAssasin 3 checks all the visible links. So it checks yahoo.com and thelumbercartel.com . I ran the message through spamassassin -D and the output is below. (It actually skips yahoo.com because it's in the skip list (local whitelist), but if it weren't, it too would be checked.)
Jeff C. __
debug: uri found: http://rds.yahoo.com/*-http://www.thelumbercartel.com/ debug: uri found: mailto:Discuss@lists.surbl.org debug: uri found: http://www.thelumbercartel.com/ debug: uri found: http://lists.surbl.org/mailman/listinfo/discuss debug: URIDNSBL: found domain yahoo.com in skip list debug: URIDNSBL: domains to query: surbl.org thelumbercartel.com debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.48 debug: all '*From' addrs: discuss-bounces@lists.surbl.org raymond@surbl.org debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssass in::Plugin::Hashcash=HASH(0x8ba1500)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin:: Plugin::SPF=HASH(0x8bb208c)) debug: SPF: checking HELO (helo=mailbox.prolocation.net, ip=81.23.230.7) debug: SPF: trimmed HELO down to 'prolocation.net' debug: SPF: cannot load or create Mail::SPF::Query module debug: forged-HELO: from=prolocation.net helo=prolocation.net by=freeapp.net debug: forged-HELO: from=(undef) helo=prolocation.net by=prolocation.net debug: forged-HELO: from=prolocation.net helo=prolocation.net by=prolocation.net debug: forged-HELO: from=prolocation.net helo=prolocation.net by=prolocation.net debug: forged-HELO: from=prolocation.net helo=prolocation.net by=prolocation.net debug: forged-HELO: from=(undef) helo=prolocation.net by=prolocation.net debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plu gin::Hashcash=HASH(0x8ba1500)) debug: all '*To' addrs: surbl@supranet.net discuss@lists.surbl.org debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::P lugin::SPF=HASH(0x8bb208c)) debug: SPF: relayed through one or more trusted relays, cannot use header-based Envelope-From, skipping debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugi n::SPF=HASH(0x8bb208c)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssass in::Plugin::SPF=HASH(0x8bb208c)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin:: Plugin::SPF=HASH(0x8bb208c)) debug: running body-text per-line regexp tests; score so far=0 debug: running uri tests; score so far=0 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::U RIDNSBL=HASH(0x8b8c6e0)) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8b8c6e0) implements ' check_tick' debug: URIDNSBL: query for thelumbercartel.com took 0 seconds to look up (multi. surbl.org.:thelumbercartel.com) debug: URIDNSBL: query for surbl.org took 0 seconds to look up (multi.surbl.org. :surbl.org) debug: URIDNSBL: queries completed: 4 started: 12 debug: URIDNSBL: queries active: at Tue May 17 05:42:30 2005 debug: running raw-body-text per-line regexp tests; score so far=0 debug: running full-text regexp tests; score so far=0 debug: DCCifd is not available: no r/w dccifd socket found. debug: Running tests for priority: 500 debug: URIDNSBL: queries completed: 12 started: 12 debug: URIDNSBL: queries active: at Tue May 17 05:42:30 2005 debug: RBL: success for 33 of 33 queries debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8b8c6e0) implements ' check_post_dnsbl' debug: URIDNSBL: queries completed: 0 started: 0 debug: URIDNSBL: queries active: DNSBL=12 at Tue May 17 05:42:30 2005 debug: waiting 2 seconds for URIDNSBL lookups to complete debug: URIDNSBL: queries completed: 0 started: 0 debug: URIDNSBL: queries active: DNSBL=12 at Tue May 17 05:42:30 2005 debug: URIDNSBL: query for thelumbercartel.com took 1 seconds to look up (sbl.sp amhaus.org.:185.244.49.64) [...] debug: URIDNSBL: queries completed: 12 started: 0 debug: URIDNSBL: queries active: at Tue May 17 05:42:31 2005 debug: done waiting for URIDNSBL lookups to complete
-- Don't harm innocent bystanders.
-
J. Fowler -
Jeff Chan -
Raymond Dijkxhoorn