[SURBL-Discuss] Redirects and obfuscated urls

John Fawcett johnml at michaweb.net
Tue Apr 13 12:07:58 CEST 2004


I saw a post on NANAE over the weekend about surbl
and it looks like one of the best ideas I've seen.

Almost every spam mail I get contains a spamvertized
domain, so with good data this method has the potential to
block nearly 100% of spam.

Spamvertized domains are an essential resource for
spammers and are usually longer lived than the
abused servers used to send out spam runs.

I've set up SpamAssassin and SpamCopURI.
I've checked the emails which are not being picked
up by surbl and there is a recurring pattern:
1) Redirects
2) Obfuscated urls

For example, this was not picked up.
<a href=http://drs.yahoo.com/higherillomened./mensuraltalk/*%68ttp://enginery.shopinternetbuy.biz/%75n%73ub.html target=_blank>

shopinternetbuy.biz is in sc.surbl.org.

The logic of the parsing engine needs to be
enhanced to deal with these cases. This is
probably only the start, because spammers
will find other ways to get around surbl
once it starts being used widely.

I'd offer to look at it, but I wouldn't
know where to start with perl.

John
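
The normalization the post asks for, as an added example that is not part of the original message or of SpamAssassin/SpamCopURI: percent-decode each href, split out every embedded URL, and build the SURBL query name for each host. The function names and the two-label base-domain rule are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: the anchor tag quoted in the post, joined onto one line.
SAMPLE = ("<a href=http://drs.yahoo.com/higherillomened./mensuraltalk/"
          "*%68ttp://enginery.shopinternetbuy.biz/%75n%73ub.html target=_blank>")

HREF_RE = re.compile(r"href\s*=\s*[\"']?([^\"'\s>]+)", re.I)
SCHEME_RE = re.compile(r"https?://", re.I)

def decode_fully(url, max_rounds=5):
    """Percent-decode until stable, so double encoding (%2568ttp) is undone too."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def candidate_hosts(url):
    """Hostnames of the outer URL and of every URL embedded in its path or query."""
    url = decode_fully(url)
    starts = [m.start() for m in SCHEME_RE.finditer(url)]
    hosts = []
    for i, start in enumerate(starts):
        end = starts[i + 1] if i + 1 < len(starts) else len(url)
        try:
            host = urlsplit(url[start:end]).hostname
        except ValueError:      # malformed authority, e.g. unbalanced "["
            continue
        if host:
            host = host.rstrip(".").lower()
            if host not in hosts:
                hosts.append(host)
    return hosts

def base_domain(host):
    """Assumption: last two labels; real code needs a list of two-level TLDs (co.uk)."""
    return ".".join(host.split(".")[-2:])

def surbl_query_names(html, zone="sc.surbl.org"):
    """DNS names to look up for every href in an HTML body (no lookup is done here)."""
    names = []
    for href in HREF_RE.findall(html):
        for host in candidate_hosts(href):
            name = f"{base_domain(host)}.{zone}"
            if name not in names:
                names.append(name)
    return names

if __name__ == "__main__":
    print(surbl_query_names(SAMPLE))
```

Checking every embedded host, not only the last one, keeps the lookup correct whichever part of the redirect chain is listed.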