[Spambayes] spammers abusing the yahoo redirector.
Skip Montanaro
skip at pobox.com
Mon Jan 19 12:44:08 EST 2004
Anthony> At work, we're seeing a whole pile of URLs in spam of the form
Anthony> http://rd.yahoo.com/hbillgbyijbd/*http://www.naturalgrowthmeds.com/rmvefwfewjlk/
Anthony> This is (ab)using the rd.yahoo.com redirector to attempt to
Anthony> foil the filters. We should probably put a simple rule in to
Anthony> fix this.
You mentioned this and another yahoo.com redirector. Do you propose that we
special-case them or try and come up with a scheme which tries to more
generally detect redirectors (or just maintain a table of all "important"
redirectors)? Google also exposes a redirector:
http://www.google.com/url?q=http://www.my-free-music.com/home.htm&sa=l&ai=Ao9nvWZBDAdLzJ4L-cU8lFDcA2rqiFAL802YALy_0JwQAQ6EAgT9ABgQAYaBAAAAAAA&num=1
which, it appears, can be easily abused. This works without all the other
gobbledygook:
http://www.google.com/url?q=http://www.my-free-music.com/home.htm
With a few more redirector examples, perhaps we could conclude that URLs
containing two "http://" strings are redirectors, then extract and tokenize
only the second.
or-maybe-i'm-trying-to-be-too-smart-ly, y'rs,
Skip
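
The two-"http://" heuristic from the message above, sketched as an added example (not part of the original post and not Spambayes' own code). The function names and the "url:" token format are assumptions, and it goes one step further than the message by also handling a percent-encoded target.

```python
import re
from urllib.parse import unquote, urlsplit

# Start of an http(s) URL, written plainly or percent-encoded (http%3A%2F%2F).
SCHEME = re.compile(r"https?(?::|%3a)(?:/|%2f){2}", re.IGNORECASE)


def embedded_target(url):
    """Return the last URL embedded inside `url`, or None if there is none."""
    starts = [m.start() for m in SCHEME.finditer(url)]
    if len(starts) < 2:
        return None
    pos = starts[-1]
    target = url[pos:]
    # A target carried in the query string ends at the next "&"; what follows
    # belongs to the redirector. A target carried in the path keeps its "&".
    if "?" in url[:pos]:
        target = target.split("&", 1)[0]
    # Decode only when the scheme separator itself was percent-encoded.
    if "%" in SCHEME.match(target).group(0):
        target = unquote(target)
    return target


def url_tokens(url):
    """Hypothetical tokenizer: host labels and path segments of the URL the
    reader would actually land on (the embedded one, when there is one)."""
    parts = urlsplit(embedded_target(url) or url)
    pieces = parts.netloc.lower().split(".") + parts.path.split("/")
    return ["url:" + p for p in pieces if p]


# The Yahoo URL is quoted from the message; the Google one has its long "ai"
# parameter dropped; ENCODED is a constructed percent-encoded variant.
YAHOO = "http://rd.yahoo.com/hbillgbyijbd/*http://www.naturalgrowthmeds.com/rmvefwfewjlk/"
GOOGLE = "http://www.google.com/url?q=http://www.my-free-music.com/home.htm&sa=l&num=1"
ENCODED = "http://www.google.com/url?q=http%3A%2F%2Fwww.my-free-music.com%2Fhome.htm&num=1"

if __name__ == "__main__":
    for u in (YAHOO, GOOGLE, ENCODED):
        print(embedded_target(u), url_tokens(u))
```

With this, the redirector host (rd.yahoo.com, www.google.com) contributes no tokens for these URLs, so the classifier scores the advertised site rather than the well-known domain in front of it.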