On 15/02/19 08:21, Phil Stracchino wrote:
Well, that's true in a lot of cases. But the low-hanging fruit here is the http://allyourclicks.com?bunchofstuff&redirect=http://realURLhere form.
Right, this is just one example. In most examples all you'll get is undecipherable gibberish, or a serial number which points to an entry in a database. There is no guarantee that the above URL will be in the "redirect" attribute, nor that it won't be URL-encoded or base64-encoded or another type of encoding even more obscure. Honestly for this to work at all you would have to play a whack-a-mole game of reverse-engineering each different type of encoding scheme and hoping to find a match, and even then most of the URLs will not be decode-able at all due to either using actual encryption to encode them, or not having the target URL in the link in any form at all.
After all of this you have no idea what you might be breaking by trying to decode and replace these links. Affiliate links would likely be broken, you could easily be stripping out coupon codes from links so that customers don't get discounts they were promised in a mailing, entire websites could look different or break entirely. None of this is to even mention the DKIM issues previously brought up, or the multipart formatting issues.
Really this is an idea best left alone. Peter
