[SC-Help] Re: Can't resolve link for spammer's website

Sun May 8 20:57:44 EDT 2005

Mike Easter wrote:
> Jim Wasson wrote:
> 
>>I seem to be getting a lot of this lately. The spams are parsed and
>>reports are generated for the senders but not for the websites
>>involved. I checked this report today:
> 
> 
> www.spamcop.net/sc?id=z761129865zf78eab133dd819f61c9e9ded5b9d7176z
> 
> The business of SC not resolving an url is a topic of frequent
> conversation here.
> 
> SC fails to resolve url/s it finds for many reasons.  The url's
> nameservice blocks SC's resolver;  the url's nameservice is too pokey or
> otherwise flawed;  SC doesn't feel like resolving it for some reason
> that must have to do with resource managment.  It is not possible to
> tell which of the various possibilities is operative at any given time;
> and those of us out here on the outside don't have many tools to try to
> guess.  I don't have access to SC's resolver.  I can see if an url
> resolves for me, and I can use the tools at dnsstuff to find
> 'weaknesses' and inadequacies in the nameservice for an item.
> 
> The case of an 'odd' or flawed url is another matter.  My resolvers
> don't seem to care if there's an extra dot there, and there's some kind
> of 'principle' or system by which a dot at the end of the tld is
> appropriate, but I can't remember what that principle is.
> 
> However, if there were a genuinely 'bad' or misconfigured url in which
> the browser's error tolerance caused a browser to be able to access the
> url, it would be my guess that Julian would have no interest in building
> in better error tolerance into the parser.  Internet Explorer's error
> tolerance for html errors is huge compared to some other browsers, and
> the whole subject of whether or not browsers should be error tolerant or
> not is a big mess.  IMO, the world would be better off with much *less*
> error tolerance in that sphere, rather than more.
> 
> 
>>It says that the site at "http://adi.fakerolexsite.com./" can't be
>>resolved and is discarded as a fake. Note the extra period at the end
>>of the link. As a result SpamCop can't seem to find this address. I
>>used SamSpade and the site (without the period) certainly is alive
>>and well and hawking fake Rolexes.
> 
> 
> SC is not able to resolve that link with or without the extra dot;  so
> in that sense it is just another url that SC doesn't resolve for one
> reason or another as described above.  To say nothing of the disinterest
> in error tolerance.
> 
> 
>>I reported this problem in this forum on 1 April (and got no response)
>>in my post "Simple trick defeats lookup".
> 
> 

With regard to:

 > SC is not able to resolve that link with or without the extra dot;  so
 > in that sense it is just another url that SC doesn't resolve for one
 > reason or another as described above.  To say nothing of the disinterest
 > in error tolerance.

If that is really the case then and since I don't think I can't think of 
a more trivial obfuscation than adding a single period to the end of the 
link then what is "Resolving link obfuscation" supposed to mean?