Full Version: URL tracking
bipsen
Hi.

When submitting spam, SpamCop tries to resolve the DNS name from URLs that are included in the mail.

It could be, e.g. http://63GHfw.suspect-domain.com

SpamCop tries to resolve 63GHfw.suspect-domain.com - which might end up negative (no A or CNAME record). - But it could be that the spammer has set up a * record - so that all requests to hosts on suspect-domain.com (except those with a specific record) hit a webserver - where they can track the hostname (in this case 63GHfw), and maybe use that for an index of a valid email of a user who clicked the URL in their mail...

I'd like SpamCop to be able to search for this * record - in order to identify a possible web-server, that handles a spamvertized web-page....

Regards
/Brian
StevenUnderwood
Please provide a specific example where this is the problem. I have never seen this to be a problem with the parser. Usually, it is simply long lookup times that are the issue.
bipsen
QUOTE(StevenUnderwood @ May 31 2007, 11:50 AM) *

Please provide a specific example where this is the problem. I have never seen this to be a problem with the parser. Usually, it is simply long lookup times that are the issue.


I don't know if you are able to see the report on my submission - an example is located at

http://www.spamcop.net/sc?id=z1317977893z8...d92c38b92bcc4az

The webpage with technical details says:

Resolving link obfuscation
http://MDY5YmVlODA5MDk5ZTEyZDVlMmE5MWQz.ogaldternative.com
Host mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com (checking ip) IP not found ; mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com discarded as fake.
Host mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com (checking ip) IP not found ; mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com discarded as fake.

Tracking link: http://MDY5YmVlODA5MDk5ZTEyZDVlMmE5MWQz.ogaldternative.com/
[report history]

Cannot resolve http://MDY5YmVlODA5MDk5ZTEyZDVlMmE5MWQz.ogaldternative.com/


But if I do a lookup on the hostname (or a * record), I get the IP address

Name: ogaldternative.com
Address: 121.10.172.22
Aliases: *.ogaldternative.com
StevenUnderwood
QUOTE(bipsen @ Jun 5 2007, 01:50 AM) *

I don't know if you are able to see the report on my submission - an example is located at

http://www.spamcop.net/sc?id=z1317977893z8...d92c38b92bcc4az


And once again, this seems to be more of a timeout issue than anything else. Every URL I have ever seen show the IP not found error that I have tested, has had a lookup in excess of 500ms, an eternity in DNS time, especially when doing ~10 spams with multiple lookups every second. It is likely that a lookup of your spam with only the host as the website would also timeout. I will test when I get back to the computer. Commute is calling.

CODE
C:\Documents and Settings\sunderwood\dig>dig ogaldternative.com

; <<>> DiG 9.2.3 <<>> ogaldternative.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ogaldternative.com. IN A

;; ANSWER SECTION:
ogaldternative.com. 60 IN A 121.10.172.22

;; Query time: 859 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Jun 05 07:18:08 2007
;; MSG SIZE rcvd: 52


C:\Documents and Settings\sunderwood\dig>dig mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com

; <<>> DiG 9.2.3 <<>> mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com. IN A

;; ANSWER SECTION:
mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com. 0 IN A 208.69.32.132

;; Query time: 6015 msec
;; SERVER: 208.67.220.220#53(208.67.220.220)
;; WHEN: Tue Jun 05 07:18:39 2007
;; MSG SIZE rcvd: 85
StevenUnderwood
QUOTE(StevenUnderwood @ Jun 5 2007, 07:25 AM) *

It is likely that a lookup of your spam with only the host as the website would also timeout. I will test when I get back to the computer. Commute is calling.

As I expected: http://www.spamcop.net/sc?id=z1318606670z1...056ad4d8617a08z

CODE
Resolving link obfuscation
http://ogaldternative.com
Host ogaldternative.com (checking ip) IP not found ; ogaldternative.com discarded as fake.
Host ogaldternative.com (checking ip) IP not found ; ogaldternative.com discarded as fake.

Tracking link: http://ogaldternative.com/
No recent reports, no history available

Cannot resolve http://ogaldternative.com/
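
Added example, not part of the original thread and not SpamCop's code: a sketch of how a report parser could keep "lookup timed out" apart from "no record", and probe for the `*` record discussed above by resolving a random label under the parent domain. The stub resolver, the `.example` names, the 8000 ms retry budget and the result field names are assumptions made for illustration; the 500 ms first budget and the 859 ms latency echo figures quoted in the thread.

```python
import secrets

class LookupTimeout(Exception):
    """The resolver gave up before an answer arrived."""

def stub_resolver(zone, latency_ms):
    """Constructed stand-in for a DNS client so the example runs offline.
    zone: name -> address (may hold '*.domain'); latency_ms: domain -> answer time."""
    def resolve(name, timeout_ms):
        domain = ".".join(name.split(".")[-2:])  # naive parent: last two labels
        if latency_ms.get(domain, 0) > timeout_ms:
            raise LookupTimeout(name)
        return zone.get(name) or zone.get("*." + domain)  # None = no record
    return resolve

def lookup(name, resolve, budgets_ms):
    """Try each time budget in turn; keep 'timeout' distinct from 'no_record'."""
    for budget in budgets_ms:
        try:
            addr = resolve(name, budget)
        except LookupTimeout:
            continue  # slow server: retry with the next, larger budget
        return ("resolved", addr) if addr else ("no_record", None)
    return ("timeout", None)

def classify_host(host, resolve, budgets_ms=(500, 8000)):
    host = host.lower().rstrip(".")
    labels = host.split(".")
    parent = ".".join(labels[-2:])
    status, addr = lookup(host, resolve, budgets_ms)
    # A random label cannot have its own record, so an answer implies a '*' record.
    probe = secrets.token_hex(8) + "." + parent
    wildcard = lookup(probe, resolve, budgets_ms)[0] == "resolved"
    return {
        "host": host, "status": status, "address": addr, "wildcard": wildcard,
        "wildcard_parent": parent if wildcard else None,
        # Under a wildcard the left-hand labels carry no DNS meaning, so they
        # may be a per-recipient token that identifies whoever follows the link.
        "possible_token": ".".join(labels[:-2]) if wildcard and len(labels) > 2 else None,
    }

# Constructed sample data: reserved .example names and documentation addresses.
ZONE = {"*.spamvertised.example": "192.0.2.22", "spamvertised.example": "192.0.2.22",
        "www.plain.example": "192.0.2.80"}
SLOW = stub_resolver(ZONE, {"spamvertised.example": 859})
```

With only the 500 ms budget the slow zone comes back as `timeout` rather than `no_record`, which is the distinction the "discarded as fake" message hides.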