[SURBL-Discuss] Redirectors and SURBLs

Jeff Chan jeffc at surbl.org
Sun Apr 17 03:23:45 CEST 2005


On Saturday, April 16, 2005, 1:39:02 PM, SM wrote:
> Why are open redirectors being abused?  The simple answer is because they
> are open.  The detailed answer is because some antispam filters perform URI 
> checks to block messages.  Is it be possible to detect which URIs are 
> redirectors and identify the target URIs instead of going on an open 
> redirect chase?

Yes, urirhssub in SpamAssassin 3 will check every visible URI, even
if it's mentioned within a redirector:

  http://some.redirector.com/blah/blah/http://some.othersite.com/

Both redirector.com and othersite.com above would get checked,
and including some variations on those.  But http://tinyurl.com/blah
won't get the redirected-to site checked since it's invisible in
the original message.

SpamCopURI in SpamAssassin 2.64 will check the redirected-to
sites of certain known redirector sites such as:

open_redirect_list_spamcop_uri   snurl.com              *.snurl.com
open_redirect_list_spamcop_uri   snipurl.com            *.snipurl.com
open_redirect_list_spamcop_uri   tinyclick.com          *.tinyclick.com
open_redirect_list_spamcop_uri   babyurl.com            *.babyurl.com
open_redirect_list_spamcop_uri   lin.kz                 *.lin.kz
open_redirect_list_spamcop_uri   *.v3.net
open_redirect_list_spamcop_uri   shorl.com              *.shorl.com
open_redirect_list_spamcop_uri   tinyurl.com            *.tinyurl.com
open_redirect_list_spamcop_uri   xurl.us

In addition, if the following conf is uncommented, it will ask the
redirection server to tell it the site being redirected to and
will then check that site:

# open redirect resolution off by default
# spamcop_uri_resolve_open_redirects 1

Perhaps the SpamAssassin and SpamCopURI authors can provide more
detailed info, corrections, etc. on the above, but the quick
answer is that some provisions for checking redirected-to sites
is already in place.

Jeff C.
--
"If it appears in hams, then don't list it."



More information about the Discuss mailing list