[SURBL-Discuss] large number of empty URIs preceeding actual one

Jeff Chan jeffc at surbl.org
Fri Jun 4 09:37:23 CEST 2004

Not sure if this is a new type of spam or not:


This example I just received had many real or joe job URIs
with no text in the anchor like:

  <a href=3D"http://www.elysian-MUNGED.com"></a>

Perhaps it's trying to run out some counters, but the real
target domain is visible as the last "removal" URI:

  <a href=3D"http://=

> Name:    fitch7826drug.us
> Address:

Where this IP is in sbl.spamhaus.org of course.

The "ordering" link just before it was broken (no dot, at
least in my MUA, The Bat!):

  <a href=3D"http://fitch7826drug=

Interestingly SpamCop did parse the message correctly in terms
of ignoring the blank anchors and finding only the clickable

That said, if urirhsbl or SpamCopURI limit the number of
URIs checked, these could sneak through.  A useful behavior
might be to ignore any non-clickable anchors, if we're not
already doing that.

Jeff C.
Jeff Chan
mailto:jeffc at surbl.org

More information about the Discuss mailing list