OT: spamming tech question

Michael ODonnell michael.odonnell at comcast.net
Sun Apr 10 14:39:01 EDT 2005


It's normal to receive SPAM containing email addrs and URLs
that are tagged in various ways such that the spammer can
detect which of his victims has actually responded because
info about the victim is somehow encoded in the item.  Example:

  http://spammers.site.com/obfuscatedVictimsEmailAddr

...would allow the spammer's WWW server to record which victim
had responded (by noting which page was requested) and then
serve up the spammers regular page instead.  Similarly, the
following URL could reveal some victim-specific info if the
spammers DNS server was configured to participate:

  http://obfuscatedVictimsEmailAddr.spammers.site.com/

Lately I've been getting SPAM with URLs laid out like this:

 (note the ampersands in the hostname portions of these URLs)

   http://yZyvb&bllZvotZw%2eZr%2esoftpyp%2einfo/in.php?aid=11&bZpaZtx
   http://gZdhwneZyoZ.org&iyxZiZlbZj0gZt0zwZl%2Esjdkfnkyb%2Ecom/

...and my question is: how should I think about those ampersands?

Is my browser expected to interpret them?  Or are they passed
unmodified to my DNS lookup code where they have special
meaning?  Or do they get passed all the way to the spammers
DNS where only they know what they mean?
 
 (and, yes - I know that the %2e sequences translate to '.' )
 



More information about the gnhlug-discuss mailing list