You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2023/01/22 03:31:31 UTC
[Bug 8113] New: DecodeShortURLs should support TLD levels below 3rd
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8113
Bug ID: 8113
Summary: DecodeShortURLs should support TLD levels below 3rd
Product: Spamassassin
Version: 4.0.0
Hardware: PC
OS: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Plugins
Assignee: dev@spamassassin.apache.org
Reporter: dilldall@bjork.org
Target Milestone: Undefined
According to the docs for DecodeShortURLs; "If the domain begins with a '.',
3rd level tld of the main domain will be checked.". This is rather limiting, as
many redirectors use levels below the 3rd, sometimes several levels below.
There currently does not seem to be any way to specify such redirectors with
url_shortener (but please correct me if I'm wrong, this is only based on my own
limited testing).
Ideally, it should handle any number of dots in an url_shortener setting. If
the domain begins with a dot, simply check below that level, however many
levels deep the link may be, and so also regardless of how many dots may
precede the configured domain.
So for this:
url_shortener .1.com
It should check all these:
1.com
2.1.com
3.2.1.com
4.3.2.1.com
...
For this:
url_shortener .2.1.com
It should check all these:
2.1.com
3.2.1.com
4.3.2.1.com
...
And so forth.
There are plenty of real world examples of redirectors which seemingly cannot
be supported without this.
From newsletters:
CUSTOMER.ct.sendgrid.net
CUSTOMER.customer.voyado.com
CUSTOMER.p.indiegogo.com
CUSTOMER.svc.dynamics.com
cdn.REGION.exponea.com
smc-link.CUSTOMER.ondemand.com
Some have further levels still:
CUSTOMER.r.REGION.awstrack.me
CUSTOMER.r.ag.d.sendibm3.com
Or see for instance Office 365, where any links in email sent from a user with
the Safe Links feature enabled will be wrapped to look like this:
REGION.safelinks.protection.outlook.com
(where region seems to be ISO 3166-1 alpha-3 country code)
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-links-about
--
You are receiving this mail because:
You are the assignee for the bug.