[SURBL-Discuss] List of URL redirectors and Perl code to parse them?

Kelly Jones kelly.terry.jones at gmail.com
Mon Jan 15 01:24:17 CET 2007


Thanks, Jeff. My mistake here. My example was too simple.

I was thinking more of things where the "http://" is replaced with
"http/0/", or the URL is hex-encoded or percent-encoded, and even
redirectors that don't need "http://" in the target at all.

In other words, redirectors where the target isn't obviously a
URL. Simple examples:

http://redirector.site/http/0/www.target.site/path [no "http://"]
http://redirector.site/www.target.site/path [no http at all]
http://redirector.site/target.site/path [hard to tell this is a redirect]

and even worse examples where the target site is "%23%26%29..." or
whatever. Some redirectors "de-encode" %xx by accident, and spammers
can use that to mask their domain name from SpamAssassin, etc.

It'd be good to have a list of redirectors so any URL could be
"canonized" and then people could check the canonized URL against SURBL.

-- 
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.

On 1/10/07, Jeff Chan <jeffc at surbl.org> wrote:
> On Wednesday, December 20, 2006, 7:13:36 AM, Kelly Jones wrote:
> > I know that rd.yahoo.com (for example) is a URL redirector that
> > spammers use to get around SURBL.
>
> > I also know that if I see a URL like rd.yahoo.com/?http://foo.bar.com,
> > I should actually lookup bar.com.multi.surbl.org.
>
> SpamAssassin checks anything that looks like a domain in.  In the
> example above, it would parse out yahoo.com and bar.com.  It would
> only check bar.com since yahoo.com is on its local whitelist
> (list of domains to exclude from checking).  Other programs may
> do similar or different things with redirection sites.
>
> > Is there a fairly complete list of URL redirectors I could use, along
> > with code (ideally Perl code) that converts/de-obfuscates "redirector
> > URL" to "target URL"?
>
> If you find any, please let us know.
>
> Cheers,
>
> Jeff C.
> --
> Don't harm innocent bystanders.


More information about the Discuss mailing list