Jump to content
jprogram

Link obfuscation flaw?

Recommended Posts

I noticed if a spam message has more than eight links the obfuscation process is skipped. But it is skipping important links to scan that could lead to the spammer.

For instance, any links using the same domain name as the e-mail's domain name should be scanned regardless. I'm hoping the link obfuscation doesn't get fooled by redirecting sites.

I am believing the spam that I'm getting are deliberately flooding with links to bypass the obfuscation.

Share this post


Link to post
Share on other sites

Keep in mind that the links in the body of the spam are the lowest priority for the parser.  Historically SpamCop has been concerned with the source of the spam.  Groups like KnukOn (No Junk) were concerned with following the money - the links in the body of spam.

Pulling back the veil, following the trail and sending spam Reports to links in the body takes away assets from the primary task of building the block list. You can of course submit your own.

Share this post


Link to post
Share on other sites
Posted (edited)

I suppose I could, on my own, e-mail some of the web networks linked on the messages.

Edited by jprogram

Share this post


Link to post
Share on other sites
Posted (edited)
On 3/9/2020 at 11:00 AM, Lking said:

Keep in mind that the links in the body of the spam are the lowest priority for the parser.

I think there is a reason behind this policy.  I had a report head to an administrator about two decades ago under this policy and the administrator confused a link as the originator of the spam rather than to look at the headers.  The link happened to be my work's website at the time, so they kept blaming me for the spam.  That administrator was for a prominent university and I would have thought they knew better.  Before that, I also wanted the links to be reported, but after I realized that some links could be friendlies added by the spammer to get into trouble.  As an administrator I would like to know about people using my site in their spam, but I also realized that some of these administrators might not know how to read email or even understand spam reports.

I believe the original reason they stopped reporting when too many links was resources because each report could create many new emails to each administrator.

Edited by gnarlymarley

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×