
URL tracking


bipsen

Hi.

When submitting spam, SpamCop tries to resolve the DNS name from URLs that are included in the mail.

It could be, e.g. http://63GHfw.suspect-domain.com

SpamCop tries to resolve 63GHfw.suspect-domain.com - which might end up negative (no A or CNAME record). - But it could be, that the spammer has set up a * record - so that all requests to hosts on suspect-domain.com (except those with a specific record) hits a webserver - where they can track the hostname (in this case 63GHfw), and maybe use that for an index of a valid email of a user who clicked the URL in their mail...

I'd like SpamCop to be able to search for this * record - in order to identify a possible web-server, that handles a spamvertized web-page....

Regards

/Brian


Please provide a specific example where this is the problem. I have never seen this to be a problem with the parser. Usually, it is simply long lookup times that are the issue.

I don't know if you are able to see the report on my submission - an example is located at

http://www.spamcop.net/sc?id=z1317977893z8...d92c38b92bcc4az

The webpage with technical details says:

Resolving link obfuscation

http://MDY5YmVlODA5MDk5ZTEyZDVlMmE5MWQz.ogaldternative.com

Host mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com (checking ip) IP not found ; mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com discarded as fake.

Host mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com (checking ip) IP not found ; mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com discarded as fake.

Tracking link: http://MDY5YmVlODA5MDk5ZTEyZDVlMmE5MWQz.ogaldternative.com/

[report history]

Cannot resolve http://MDY5YmVlODA5MDk5ZTEyZDVlMmE5MWQz.ogaldternative.com/

But if I do a lookup on the hostname (or a * record), I get the IP address

Name: ogaldternative.com

Address: 121.10.172.22

Aliases: *.ogaldternative.com


I don't know if you are able to see the report on my submission - an example is located at

http://www.spamcop.net/sc?id=z1317977893z8...d92c38b92bcc4az

And once again, this seems to be more of a timeout issue than anything else. Every URL I have ever seen show the IP not found error that I have tested, has had a lookup in excess of 500ms, an eternity in DNS time, especially when doing ~10 spams with multiple lookups every second. It is likely that a lookup of your spam with only the host as the website would also timeout. I will test when I get back to the computer. Commute is calling.

C:\Documents and Settings\sunderwood\dig>dig ogaldternative.com

; <<>> DiG 9.2.3 <<>> ogaldternative.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ogaldternative.com.			IN	  A

;; ANSWER SECTION:
ogaldternative.com.	 60	  IN	  A	   121.10.172.22

;; Query time: 859 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Tue Jun 05 07:18:08 2007
;; MSG SIZE  rcvd: 52


C:\Documents and Settings\sunderwood\dig>dig mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com

; <<>> DiG 9.2.3 <<>> mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com. IN		A

;; ANSWER SECTION:
mdy5ymvloda5mdk5zteyzdvlmme5mwqz.ogaldternative.com. 0 IN A 208.69.32.132

;; Query time: 6015 msec
;; SERVER: 208.67.220.220#53(208.67.220.220)
;; WHEN: Tue Jun 05 07:18:39 2007
;; MSG SIZE  rcvd: 85


It is likely that a lookup of your spam with only the host as the website would also timeout. I will test when I get back to the computer. Commute is calling.

As I expected: http://www.spamcop.net/sc?id=z1318606670z1...056ad4d8617a08z

Resolving link obfuscation
   http://ogaldternative.com
   Host ogaldternative.com (checking ip) IP not found ; ogaldternative.com discarded as fake.
   Host ogaldternative.com (checking ip) IP not found ; ogaldternative.com discarded as fake.

Tracking link: http://ogaldternative.com/
No recent reports, no history available

Cannot resolve http://ogaldternative.com/
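
The wildcard check requested in the first post, combined with the slow-lookup behaviour discussed in the replies, as an added example that is not part of the original thread and is not SpamCop's parser code. It separates "no record" from "timed out", probes a random label under the parent domain for a `*` record, and uses a `.invalid` control probe to notice resolvers that rewrite NXDOMAIN answers; `check_tracking_host`, `timed_lookup`, the 8-second default and the `suspect-domain.example` zone are hypothetical names and constructed values.

```python
import secrets
import socket
from concurrent.futures import ThreadPoolExecutor, TimeoutError as LookupTimeout

def system_lookup(host):
    """IPv4 addresses from the OS resolver; empty set when the name has no record."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def timed_lookup(lookup, host, timeout):
    """Return a set of addresses, or None when the answer did not arrive in time."""
    pool = ThreadPoolExecutor(max_workers=1)
    try:
        return pool.submit(lookup, host).result(timeout=timeout)
    except LookupTimeout:
        return None  # slow is not the same as nonexistent
    finally:
        pool.shutdown(wait=False)

def check_tracking_host(host, lookup=system_lookup, timeout=8.0):
    """Classify a spamvertised host whose leftmost label may be a per-recipient token."""
    parent = host.lower().split(".", 1)[1]  # assumption: the token is the leftmost label
    probe = secrets.token_hex(8)            # random label that has no record of its own
    # Control: .invalid never resolves (RFC 6761); an answer means the resolver
    # rewrites NXDOMAIN, so a "wildcard" hit below could not be trusted.
    rewritten = bool(timed_lookup(lookup, probe + ".invalid", timeout))
    wild = timed_lookup(lookup, probe + "." + parent, timeout)
    return {
        "host": timed_lookup(lookup, host, timeout),
        "parent": timed_lookup(lookup, parent, timeout),
        "wildcard": None if (wild is None or rewritten) else bool(wild),
        "resolver_rewrites_nxdomain": rewritten,
    }

# Constructed zone: *.suspect-domain.example and its apex both point at 192.0.2.10.
def constructed_lookup(host):
    return {"192.0.2.10"} if host.lower().endswith("suspect-domain.example") else set()

if __name__ == "__main__":
    print(check_tracking_host("63GHfw.suspect-domain.example", constructed_lookup, 1.0))
```

A `wildcard` value of `None` means the question could not be answered (timeout or a rewriting resolver), which is the case a parser should report separately instead of discarding the host as fake.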
