[SURBL-Discuss] Redirectors and SURBLs

Jeff Chan jeffc at surbl.org
Mon Apr 18 08:02:19 CEST 2005

On Sunday, April 17, 2005, 10:37:38 PM, Justin Mason wrote:
> Jeff Chan writes:

>> Right.  And obfuscation of the redirected-to "http" seems to be
>> enough to confuse SA 3 into not extracting the second URI.  Maybe
>> we should make a Bugzilla ticket about that?

> if you find one that SpamAssassin 3.1.0 doesn't decode correctly,
> sure ;)   I thought we had those nailed.

TBH, I don't know about 3.1, but here's one that 3.0 does not
parse correctly.  Perhaps someone can test it in 3.1:

<DIV align=left><FONT face=Verdana size=3><A href="http://r.lycos.com/r/kg_xnsdaz_dqcuewqk/http://wxmnuiuskn.net&xkvo3rhsp6mbz6nky9.coh
cnhk.com/">Cl9ick her6e, - no prescr1iption requir7ed!

Note the URI split over three lines and has a probably non-RFC
compliant & in the host name to block parsing.  Here's how 3.0
handles it:

> debug: uri found: http://wxmnuiuskn.net&xkvo3rhsp6mbz6nky9.cohunehcnhk.com-MUNGED/
> debug: uri found: http://r.lycos.com/r/kg_xnsdaz_dqcuewqk/http://wxmnuiuskn.net&xkvo3rhsp6mbz6nky9.cohunehcnhk.com-MUNGED/
> debug: URIDNSBL: domains to query: lycos.com wxmnuiuskn.net

Where in fact the unqualified destination domain appears to be

Jeff C.
"If it appears in hams, then don't list it."

More information about the Discuss mailing list