On Mon, 12 Apr 2004, Richard Laager wrote:

> There's no way a spammer can get around this sort of filtering by
> padding a message with extra URIs since in this case a single case of
> a URI is enough to trip the test.

Following URIs makes me intensely nervous... here are some nasty
things a spammer could do:

- Have URIs that resolve to unroutable addresses, ensuring lots of
  slowness and timeouts as the parser tries to follow them.

- Exploit bugs in URL followers to potentially reveal sensitive
  information. Creative combinations of cookies, JavaScript, etc.
  could work wonders. (Remember, your URL follower has to simulate
  an actual browser to do its job properly.)

- An attacker with knowledge of your internal network could
  potentially force the URL scanner to follow something that has a
  side effect.

I think a DB of known spam URLs is safe. Following URLs makes me
nervous...

Regards,

David.
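
An added example, not part of the original message and not MIMEDefang code: a sketch of the "DB of known spam URLs" approach, where URI hosts are parsed out of the body and matched against a local list, so nothing in the message is ever fetched or resolved. The blocklist entries, sample body and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed blocklist; a real filter would load this from a local database.
SPAM_HOSTS = {"pills.example", "cheap-loans.example"}

# Candidate http(s) URIs in plain text; stops at whitespace and common delimiters.
URI_RE = re.compile(r"""\bhttps?://[^\s<>"')\]]+""", re.IGNORECASE)

def normalize_host(uri):
    """Return the lower-cased host without a trailing dot, or None if unparsable."""
    try:
        host = urlsplit(uri).hostname   # ignores any "user@" part before the host
    except ValueError:                  # e.g. unbalanced "[" in the authority
        return None
    return host.rstrip(".").lower() if host else None

def parent_domains(host):
    """Yield the host and each parent: a.b.example -> a.b.example, b.example, example."""
    labels = host.split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])

def listed_uris(body, blocklist=SPAM_HOSTS):
    """Return the URIs whose host, or a parent domain of it, is on the blocklist.

    Pure string processing: no DNS lookup, no HTTP request, no cookies or
    scripts, so none of the risks of following a URI apply.
    """
    hits = []
    for uri in URI_RE.findall(body):
        host = normalize_host(uri)
        if host and any(d in blocklist for d in parent_domains(host)):
            hits.append(uri)
    return hits

def is_spam(body, blocklist=SPAM_HOSTS):
    """One listed URI trips the test, however many unlisted URIs pad the message."""
    return bool(listed_uris(body, blocklist))

# Constructed sample: two unlisted URIs as padding, one listed host hidden
# behind a misleading "user@" prefix, mixed case and a trailing dot.
SAMPLE = ("Notes: http://intranet.example/wiki http://news.example/a\n"
          "Click http://www.bank.example@WWW.Pills.Example./buy?id=1 today")

if __name__ == "__main__":
    print(listed_uris(SAMPLE))
```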

