Re: Rule for encoded/bugged URLs?
On Oct 31, 2008, at 9:58 AM, Ned Slider wrote:
> Kevin Windham wrote:[color=green]
>> On Oct 31, 2008, at 9:25 AM, ram wrote:[color=darkred]
>>> Use a pastebin to paste the entire mail and send us the the URL.[/color]
>> Here is the email.
> Not sure what you mean by encoded - the fact it's part of an html
> formatted message?[/color]
I just mean that the URLs look like they are encoded to capture
identity. i.e. if you clicked on it, your email address would be
marked as a real address and more spam would surely follow. I rarely
get real email from an actual person that are encoded that way.
Sometimes I get them from companies, but there aren't normally so many
in the message, especially identical ones.
The other sign is the encoded img tags. I can't recall seeing a
regular site use img tags that are encoded with no meaningful name.
Also, in this case it seems the message-id itself is encoded in the
URLs of links and images. I think that would be a strange thing to do
for a regular site. It seems the spammer is really anxious to get any
kind of feedback that the message was viewed.
> Anyway, URIBLs should catch these. That particular domain is now
> listed on URIBL_Black and in XBL on spamhaus.
I do have URIBL running. I got a message earlier that scored a black.
It seems that quite a few of these get through before being listed.