[Spambayes] spammers abusing the yahoo redirector.

Skip Montanaro skip at pobox.com
Mon Jan 19 12:44:08 EST 2004


    Anthony> At work, we're seeing a whole pile of URLs in spam of the form
    Anthony> http://rd.yahoo.com/hbillgbyijbd/*http://www.naturalgrowthmeds.com/rmvefwfewjlk/

    Anthony> This is (ab)using the rd.yahoo.com redirector to attempt to
    Anthony> foil the filters. We should probably put a simple rule in to
    Anthony> fix this.

You mentioned this and another yahoo.com redirector.  Do you propose that we
special-case them or try and come up with a scheme which tries to more
generally detect redirectors (or just maintain a table of all "important"
redirectors)?  Google also exposes a redirector:

    http://www.google.com/url?q=http://www.my-free-music.com/home.htm&sa=l&ai=Ao9nvWZBDAdLzJ4L-cU8lFDcA2rqiFAL802YALy_0JwQAQ6EAgT9ABgQAYaBAAAAAAA&num=1

which appears can be easily abused.  This works without all the other
gobbledygook:

    http://www.google.com/url?q=http://www.my-free-music.com/home.htm

With a few more redirector examples, perhaps we could conclude that URLs
containing two "http://" strings are redirectors, then extract and tokenize
only the second.

or-maybe-i'm-trying-to-be-too-smart-ly, y'rs,

Skip



More information about the Spambayes mailing list