On Sun, 25 Feb 2018, LeandroCarlosRodrigues wrote:
Amir Caspi wrote
On that note -- regardless of what OTHER HW/SW solutions might do, since
this is a SpamAssassin mailing list ... is there any facility to implement
this in SA? That is, when calling the URIBL plugin, could it check both
the shortened URL and the expanded URL (for known shorteners) ? Does that
facility already exist and I missed it?
Hi Guys! We provide an URIBL that already have a script in Perl to expand
redirections until no more redirections:
[snip..]
Just be careful how you do that "expand redirections until no more redirections"
or you may get caught in a spammer trap.
If you're going thru a professional redirect site like goo.gl or bit.ly you're
probably pretty safe but if it's a dedicated spammer site be ware.
I was testing some redirection expantions on URLs from spam and found a site
that clearly had been crafted to foil this kind of thing.
It was in one of those "check this out" spams which contains one line of
greeting and then a URL.
When I grabbed it using curl it returned a 301 redirect, so I grabbed that
target, which lead to another 301, lather-rinse-repeat ad nausium.
However if you used a browser it went to the target "burn fat pills" site in
just two redirects.
So my bet is that the spammers are crafty enough to check things like browser
referrer, cookies, etc to detect/differentiate a browser vs a link-checker.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
