![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List] Re: Missed url
brewman
nobody at devnull.spamcop.net
Tue Jun 15 16:07:22 EDT 2004
"spamcop" wrote
> Spamcop misses
>
http://vip.sina.com.cn/cgi-bin/mail/redirect.cgi?http://www.aaapillsale.com/
> index.php/id/943/
>
> But hotmail links straight to
http://www.aaapillsale.com/index.php/id/943/
I think the answer is "Yes".
If I understand you correctly, when you click on it, in a hotmail mail
viewer, you go to the site. That is because the hotmail (or any
browser) click EXECUTES the vip.sina.com.cn link. the redirect.cgi
then takes "?http://www.aaapillsale.com/" as its parameter.
vip.sina.com.cn then redirects.
SC does not execute the link, just LOOKS at the string. It cannot know
what redirect.cgi will do with its parameter, anymore than one that
says "?affid=3" Indeed, it could do nothing with it, and the spammer
insert "?www.microsoft.com" to get them a bad name.
What would I do? Once I have ascertained that the link does indeed
redirect to where I expect, then I would get its reporting addresses
from SC, and send a LART there.
NB I have a little test application with hooks all over IE that I
debug through, displaying all its navigation paths. Others use
something like Sam Spade. There is a danger if you use an "unprotected
environment"
--
Brewman
Brewman.SpamCop at brycom.cX.nX which really ends with dot co dot nz
More information about the SpamCop-List
mailing list