[SURBL-Discuss] Re: Unlisting IP addresses

Jeff Chan jeffc at surbl.org
Fri Sep 10 18:34:19 CEST 2004


On Friday, September 10, 2004, 9:17:47 AM, Frank Ellermann wrote:
> Jeff Chan wrote:
 
>>> That should be almost impossible, in that case the hoster
>>> would be the spammer.  In other words it's not your problem.
 
>> Probably right.  It means the hoster has control over the
>> IP, which I agree most virtual hosting customers do not have.

> Thinking again (new day, more coffee):  Let's say I'm the
> spammer and care shit about my account and other users.  Then I
> could replace <http://www.xyzzy.claranet.de/> by a traditional
> <http://home.de.clara.net/xyzzy/>.  And I could replace the
> host by its IP <http://212.82.225.58/xyzzy/>.  That could hit
> another <http://212.82.225.58/user/>.  OTOH, why should "user"
> mention this kind of URL with an IP in his mail ?  Even if he
> doesn't like <http://www.user.claranet.de> for obscure reasons
> he could still use the URL <http://home.de.clara.net/user> or
> <http://home.claranet.de/user> instead of an IP.

Certainly many users don't even know what a numeric IP address
is, so I agree they'd be more likely to use a name.  We do
see a few IP addresses in spam URIs, but they're rare.

> And I as spammer would know that users don't like IPs in URLs,
> I'd use a double redirection like <http://xyzzy.webhop.info/>.
> Abusing the IP makes no sense, neither directly nor as joe job.

But remember that some of the code using SURBLs *can*
follow some redirection to the final destination.  So the
redirection doesn't always hide them.

Jeff C.



More information about the Discuss mailing list