On Thursday 29 July 2004 17:35, Chris Santerre wrote:
> >-----Original Message-----
>> [ ... ]
> >What would happen if a spammer intentionally starts putting hundreds
> >of different invisible random URIs within the message trying to DoS
> >SURBL?
> >
> >Does the SA plugins check for this condition? Or have a limit as to
> >how many SURBL queries will it issue for a given message?
> >
> >TIA
>
> It picks a random sample of URLs. This was one of the main concerns when we
> started talking about this feature. We're always one step ahead of Mr.
> Spammy ;)

I'm not so sure :(

I've just received a spam which has several embedded URLs. Each URL is based 
on the recipient's name, in this case [EMAIL PROTECTED] So there's djn.org, 
djn.net, djn.com etc. At the end there's the spam URL itself - 
http://ideologue.adulterously.coordaut.com/at. It could be that SURBL doesn't 
check this but I've just checked www.surbl.org and it's not listed anyway 
when I checked. 

Still - it's a bit creepy. Clearly an attempt to sprinkle the email with URLs 
constructed based on the recipient's email address. Yuk.

The message was sent to [EMAIL PROTECTED] Here's the message body source 
without the headers:

<html><body ><b>
Cl||AI1S & |EEVl||TRA is known as VI1lAGR'A bec<a></a>ause it acts 
qu<tr></tr>icker and Iasts much |onger! </b><br><br>
IEVlTTRA was the se<td></td>cond anti-im<a href=http://djn.org>potenc</a>e 
drug approved by the u.s.a food and drug admi<a 
href=http://djn.net>nistratio</a>n. <br> C||IA11S is the third 
anti-imp<sub></sub>otence drug  to win appro<sup></sup>val from the u.s.a 
food and d<a href=http://djn.com>rug</a> administration in the past five 
years.
<p><b>
 <a href=http://ideologue.adulterously.coordaut.com/at>V`|`S`|`T  0ur  S`I`T`E  
and  O`r`d`e`r  h`e`r`e</a></b>
</P>
</BODY></HTML>
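
Added example, not part of the original post and not SpamAssassin's own code: a sketch of the per-message lookup limiting discussed in this thread, run over the link-bearing lines of the body above. The two-label domain reduction, the function names and the cap values are assumptions made for illustration.

```python
import random
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link-bearing lines of the message body quoted above (shortened).
BODY = """<html><body>
anti-im<a href=http://djn.org>potenc</a>e drug approved by the u.s.a food and drug admi<a
href=http://djn.net>nistratio</a>n. d<a href=http://djn.com>rug</a> administration
<a href=http://ideologue.adulterously.coordaut.com/at>V`|`S`|`T 0ur S`I`T`E</a>
</body></html>"""

class HrefCollector(HTMLParser):
    """Collects the host of every <a href=...>, quoted or unquoted."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        for name, value in attrs:
            if name == "href" and value:
                host = urlsplit(value).hostname
                if host:
                    self.hosts.append(host.lower())

def registered_domain(host):
    # Assumption: keep the last two labels. A production lookup needs a
    # public-suffix / two-level-TLD list (co.uk and similar).
    return ".".join(host.split(".")[-2:])

def unique_domains(html):
    # One entry per domain, in order of first appearance, so repeated or
    # subdomain-varied links cost a single query.
    parser = HrefCollector()
    parser.feed(html)
    seen = []
    for host in parser.hosts:
        domain = registered_domain(host)
        if domain not in seen:
            seen.append(domain)
    return seen

def pick_for_lookup(domains, cap, rng=random):
    # Bounded DNSBL queries per message: everything if it fits under the
    # (hypothetical) cap, otherwise a uniform random sample of `cap` domains.
    return list(domains) if len(domains) <= cap else rng.sample(domains, cap)

def chance_queried(n_domains, cap):
    # Probability that one particular domain lands in a uniform sample.
    return min(1.0, cap / n_domains)
```

With only four distinct domains in this message, any cap of four or more queries all of them, so the sampling step only matters once the unique-domain count exceeds the cap.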

