Jump to content

Obscuring URLs


SourdoughJim
 Share

Recommended Posts

I've recently noticed that some URLs in the spam I receive are not being parsed by SpamCop. The problem appears to be the insertion of a null character between the href= and the full URL. Usually the character is shown in hex as 3D. It would be handy if the parsing routine could filter out anything between the href= and the quote mark at the beginning of the URL. I've been doing it manually, but sometimes I miss one.

Link to comment
Share on other sites

I've recently noticed that some URLs in the spam I receive are not being parsed by SpamCop.

This is something that has come up so often over the years, there are FAQ and Wiki entries about it.

The problem appears to be the insertion of a null character between the href= and the full URL. Usually the character is shown in hex as 3D. It would be handy if the parsing routine could filter out anything between the href= and the quote mark at the beginning of the URL.

What you appear to be describing is a "quoted-printable" construct of the body. The SpamCop.net parser doesn't have a problem with handling of that construction .... as long as the header defiitions and the body contents actually match. A Tracking URL would have allowed for some specific discussion about the specific spam involved.

I've been doing it manually, but sometimes I miss one.

This line forces the re-location of this Post/Topic to the Reporting Help Forum section as an example of someone breaking the rules .. something else addressed wthin the FAQ and Wiki. You place your Reporting Account in jeapordy by doing this.

Link to comment
Share on other sites

This is something that has come up so often over the years, there are FAQ and Wiki entries about it.

What you appear to be describing is a "quoted-printable" construct of the body. The SpamCop.net parser doesn't have a problem with handling of that construction .... as long as the header defiitions and the body contents actually match. A Tracking URL would have allowed for some specific discussion about the specific spam involved.

This line forces the re-location of this Post/Topic to the Reporting Help Forum section as an example of someone breaking the rules .. something else addressed wthin the FAQ and Wiki. You place your Reporting Account in jeapordy by doing this.

I should have been clearer. What I'm seeing looks like this:

[a href=3D"www.somewhere.com"]

If I leave the 3D in there the parser ignores the URL as invalid.

Edited by SourdoughJim
Link to comment
Share on other sites

I should have been clearer. What I'm seeing looks like this:

[a href=3D"www.somewhere.com"]

If I leave the 3D in there the parser ignores the URL as invalid.

Which you need to do if you do not wish to chance losing your account.

You are making a change to the message in order to help the parser find something it would not otherwise find and that is verbotten. (sp?)

Your original message was clear. As Wazoo mentioned, that =3D is normally inserted because of the quoted printable data type of the message. Properly implemented quoted printable is not normally a problem for the parser.

Link to comment
Share on other sites

...You are making a change to the message in order to help the parser find something it would not otherwise find and that is verbotten. (sp?)...
Ja ist es verboten. Can't be said enough:

forbidden, 禁止, verboden, interdit, απαγορευμένος, severo, 禁止される, 금지하는, proibido, запрещено, prohibido, yasaktir, etc.

What is allowed is munging your name/identity whether in headers or body and that's about "it" (parser handling of this may be incomplete - and that worries some - particularly when a "From:" is involved. Yes, I've even seen that "missed" when it is the same as the "To:").

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...