[Mimedefang] surbl

David F. Skoll dfs at roaringpenguin.com
Tue Apr 13 07:48:04 EDT 2004


On Mon, 12 Apr 2004, Richard Laager wrote:

> There's no way a spammer can get around this sort of filtering by
> padding a message with extra URIs since in this case a single case of
> a URI is enough to trip the test.

Following URIs makes me intensely nervous... here are some nasty things
a spammer could do:

- Have URIs that resolve to unroutable addresses, ensuring lots of slowness
and timeouts as the parser tries to follow them.

- Exploit bugs in URL followers to potentially reveal sensitive information.
Creative combinations of cookies, JavaScript, etc. could work wonders.
(Remember, your URL follower has to simulate an actual browser to do
its job properly.)

- An attacker with knowledge of your internal network could potentially
force the URL scanner to follow something that has a side effect.

I think a DB of known spam URLs is safe.  Following URLs makes me
nervous...

Regards,

David.
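
The database-lookup approach the message calls safe, sketched as an added example (not part of the original post and not MIMEDefang code): hosts are parsed out of the body and checked with one DNS query each, and no URI is ever fetched. The zone name `multi.surbl.org`, the small two-level suffix set, the sample body and all function names are assumptions made for illustration.

```python
import re
import socket
from urllib.parse import urlsplit

SURBL_ZONE = "multi.surbl.org"  # assumption: combined SURBL zone, not named in the post
# Constructed, incomplete sample of two-level suffixes; a real filter needs a full list.
TWO_LEVEL = {"co.uk", "com.au", "co.jp"}
URI_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
# Constructed sample message body.
SAMPLE_BODY = ("Buy now http://www.pills.example.com/a?b=1 or http://10.1.2.3/x "
               "or http://shop.bad.example.co.uk/ see https://clean.example.org/")


def extract_hosts(body):
    """Return the set of lowercase hosts in http(s) URIs; nothing is fetched."""
    hosts = set()
    for uri in URI_RE.findall(body):
        try:
            host = urlsplit(uri).hostname
        except ValueError:  # malformed authority part: skip it
            continue
        if host:
            hosts.add(host.rstrip(".,;"))
    return hosts


def query_name(host, zone=SURBL_ZONE):
    """Build the DNS name to look up for one URI host."""
    if IPV4_RE.match(host):
        # SURBL convention: IP literals are queried with the octets reversed.
        return ".".join(reversed(host.split("."))) + "." + zone
    labels = host.split(".")
    keep = 3 if ".".join(labels[-2:]) in TWO_LEVEL else 2
    return ".".join(labels[-keep:]) + "." + zone


def listed_hosts(body, resolve=socket.gethostbyname):
    """Return the sorted hosts whose query name resolves to a 127.0.0.x answer."""
    hits = []
    for host in sorted(extract_hosts(body)):
        try:
            answer = resolve(query_name(host))
        except OSError:  # NXDOMAIN or resolver failure: treat as not listed
            continue
        if answer.startswith("127.0.0."):
            hits.append(host)
    return hits
```

Each host costs one DNS query, bounded by the resolver's own timeout, and the filter never opens a connection to an address chosen by the sender.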


