Jonas Eckerman wrote: > Hi! > > I just threw together a plugin that can check URLs for redirections, > and add whatever they redirect to to the message meta-data so that the > true destinations are checked by URIBLs etc...........
I'm giving this a go and it looks good. I do wonder how companies like tinyurl are going to respond if 500,000 mail servers suddenly turned around and hit it for the same URL within a 2 minute period. Techniques that perform callback do tend to get nasty. However (and I've bet this has been talked about before), this seems to be solving a problem that should have been solved by SURBL? Why can't SURBL be expanded to support full URLs instead of just the hostname? That way you could blacklist "a.bad.domain" as well as "xttx://tinyurl . com/redirect-to-bad-domain"? Some form of BASE64 encoding would be needed of course, but why not? Isn't it true that antispam systems want to check email for known bad websites? As such that is defined as bad FQDN and bad URLs that would redirect users to the bad FQDN (ie redirectors). Just asking :-) -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
