> -----Original Message-----
> From: Frank Pineau [mailto:[EMAIL PROTECTED]]
> Sent: Martes, 08 de Octubre de 2002 18:49
> To: Spamassassin List
> Subject: Re: [SAtalk] New spammer trick (aka: stupid browser trick)
>
>
> On Tue, 8 Oct 2002 14:37:57 -0700, you wrote:
>
> >| 0xD5.0xEF.0x8F.0x9D
> >
> >resolves to www.amsterdamcash.com (213.239.143.157)
> >
> >It scares me to think that spammers might be starting to
> evolve into having
> >the same intelligence level as a human.
>
> This trick's been going on for years, but this is the first
> time I've seen hex used.
The www.yahoo.com@xxxx yes, but the hex part could even turn out to be a
true domain name... or it might be a local domain name... nobody will forbid
you to create the name 0xD5.0xEF.0x8F.0x9D.pineaus.com and put a web server
over there...
BTW... IE 6.0.2600.0000 updated by Q316059; q319812; Q321232; Q323759, as
well as Opera 6.05 both got caught in a similar trap... (Opera allways warns
you when your URL includes a username@address, but the hex thingie got
thru).
Squid wasn't caught and correctly issued an error message:
"Unable to determine IP address from host name for 0xc8.0x44.0x41.0xa2" when
I tried to load http://0xc8.0x44.0x41.0xa2/ through it...
>
--
Mariano Absatz
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
