You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2023/01/22 03:31:31 UTC

[Bug 8113] New: DecodeShortURLs should support TLD levels below 3rd

https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8113

            Bug ID: 8113
           Summary: DecodeShortURLs should support TLD levels below 3rd
           Product: Spamassassin
           Version: 4.0.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Plugins
          Assignee: dev@spamassassin.apache.org
          Reporter: dilldall@bjork.org
  Target Milestone: Undefined

According to the docs for DecodeShortURLs; "If the domain begins with a '.',
3rd level tld of the main domain will be checked.". This is rather limiting, as
many redirectors use levels below the 3rd, sometimes several levels below.
There currently does not seem to be any way to specify such redirectors with
url_shortener (but please correct me if I'm wrong, this is only based on my own
limited testing).

Ideally, it should handle any number of dots in an url_shortener setting. If
the domain begins with a dot, simply check below that level, however many
levels deep the link may be, and so also regardless of how many dots may
precede the configured domain.

So for this:

url_shortener .1.com

It should check all these:

1.com
2.1.com
3.2.1.com
4.3.2.1.com
...

For this:

url_shortener .2.1.com

It should check all these:

2.1.com
3.2.1.com
4.3.2.1.com
...

And so forth.

There are plenty of real world examples of redirectors which seemingly cannot
be supported without this.

From newsletters:

CUSTOMER.ct.sendgrid.net
CUSTOMER.customer.voyado.com
CUSTOMER.p.indiegogo.com
CUSTOMER.svc.dynamics.com
cdn.REGION.exponea.com
smc-link.CUSTOMER.ondemand.com

Some have further levels still:

CUSTOMER.r.REGION.awstrack.me
CUSTOMER.r.ag.d.sendibm3.com

Or see for instance Office 365, where any links in email sent from a user with
the Safe Links feature enabled will be wrapped to look like this:

REGION.safelinks.protection.outlook.com
(where region seems to be ISO 3166-1 alpha-3 country code)
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-about

-- 
You are receiving this mail because:
You are the assignee for the bug.