new uri bypass? - ORF Forums


1

I got an email this morning that had the usual ad and the usual link. So I went to URIBL to report it and found that when I copied and pasted the link I got this: "http://דירותדיסקרטיותבירושלים.com/bowwow77.html" instead of the address shown on mouseover in Outlook.

The link does work, and after manually typing in the link it was reported to URIBL, but since ORF was unable to see the actual link, it passed.

Is this new?

by Mike Hood 8 years ago
2

@Mike Hood: We certainly have not seen such a link before. It probably uses the IDN technique (http://en.wikipedia.org/wiki/Internationalized_domain_name), which allows Unicode characters in the domain name and lets the browsers compile them into the DNS-friendly format of http://xn--5dbdahbbsfcbcb2bp5c0fmffvii.com/bowwow77.html .

ORF uses complex logic to discover URL domains in the message body, but as it does not support IDN transcoding for lookups, even if it finds the domain name, it will not be able to look it up.

If IDN gets widely abused by spammers, we will take steps to prevent such spam from slipping through.

by Peter Karsai (ORF Team) 8 years ago
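
The IDN transcoding step discussed in this thread, as an added example that is not part of the original posts and is not ORF's code: it extracts URL hosts from a message body and converts Unicode hosts to the ASCII form a DNS blocklist query needs. The function name `lookup_names` and the zone `uribl.example` are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Stop at whitespace, quotes and angle brackets so non-ASCII hosts stay intact.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def lookup_names(body, zone="uribl.example"):
    """Map each URL host in a message body to its DNS-safe blocklist query name.

    zone is a placeholder, not a real blocklist zone. Reducing the host to
    its registered domain is left out to keep the example short.
    """
    found = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
            # Python's built-in codec (IDNA 2003) converts each Unicode
            # label to its "xn--" form; ASCII hosts pass through unchanged.
            ascii_host = host.encode("idna").decode("ascii") if host else ""
        except ValueError:  # malformed URL or label that cannot be encoded
            continue
        if not ascii_host:
            continue
        found.append({
            "shown": host,
            "lookup": ascii_host,
            "idn": any(p.startswith("xn--") for p in ascii_host.split(".")),
            "query": f"{ascii_host}.{zone}",
        })
    return found


# Constructed sample body: the link quoted in the thread plus a plain ASCII one.
SAMPLE_BODY = (
    "Special offer http://דירותדיסקרטיותבירושלים.com/bowwow77.html\n"
    "Unsubscribe: http://www.example.com/unsub\n"
)

if __name__ == "__main__":
    for entry in lookup_names(SAMPLE_BODY):
        print(entry)
```

The `idn` flag lets a filter treat transcoded hosts as a separate signal even when the blocklist has no listing for them yet.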