Gilbert, Joseph wrote:
> There are a number of tactics of URL obfuscation that could easily
> permanently kill a filter that was totally reliant on scanning urls.
>
> Third off, there are a significant number of ways to obfuscate/encode
> URLs. Commonly, most spam still uses a straight hostname based URL
> which keeps sburl pretty effective. However, it is also feasible
> that more and more spammers will use a legitimate looking text
> display for a link and use an encoded URL, not visible to the average
> user, within the A HREF tag.
True. But that obfuscation comes at a price: the obfuscation. :) Seriously,
obfuscating a URL is branding yourself a spammer, in much the same manner
that writing "v1agra" is a sure giveaway of your malicious intent.
In fact, obfuscating a URL, where no such obfuscation is required, will
actually make it easier for anti-spam detection tools to weed them out.
These obfuscated URLs carry, as it were, a spam-signature which transcend
the actual URL. Which means you can detect a spam URI, regardless of its
dereferenced location even: the obfuscation itself is evidence of spam.
Granted, SURBL does not yet, to my knowledge, deploy such tests. I highly
recommend they do, though. If, and when, they do, SURBL will become
unbeatable: either because of matching spammy domain names directly, or
through detecting unnecessary obfuscation. Either way, the spammer loses.
P.S. I sent a copy of this email to the SA list, where the makers of SURBL
seem most active.
- Mark
System Administrator Asarian-host.org
---
"If you were supposed to understand it,
we wouldn't call it code." - FedEx
-------------------------------------------------------
This SF.net email is sponsored by: The Robotic Monkeys at ThinkGeek
For a limited time only, get FREE Ground shipping on all orders of $35
or more. Hurry up and shop folks, this offer expires April 30th!
http://www.thinkgeek.com/freeshipping/?cpg=12297
_______________________________________________
Razor-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/razor-users
