l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2003 Sep 26 21:26

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] OT: one of the most pernicious spams i've ever seen.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] OT: one of the most pernicious spams i've ever seen.

On Thu, Sep 25, 2003 at 10:39:09PM -0700, Ken Bloom wrote:
> On 2003.09.25 21:53, Rob Rogers wrote:
> > On Thu, Sep 25, 2003 at 20:00:51PM -0700, Mitch Patenaude wrote:
> > Sorry. I was thinking back to my earlier email where I was discussing
> > encoding a domain name to look innocuous. Here was my example:
> > 
> > http://www.citibank.com%2e%61%33%6b%73%64%2e%50%69%53%65%4d%2e%4e%65%54
> > 
> > which unencoded becomes http://www.citibank.com.a3ksd.PiSeM.NeT
> > (using the actual base domain from the original email)
> > 
> >  This much your browser would have to decode to do a DNS lookup, and   
> > I've  never seen a browser show it encoded. Whether or not it sends  
> > it  encoded  in the referer, I can't speak with any authority, but I  
> > highly doubt  it  does. As for anything after the servername and/or  
> > port #, I realize  it  does send that encoded. I appologize for not  
> > making myself clear at  first.
> The browser doesn't decode this anywhere. If you try to connect to  
> http://%61mazon.com/ that's exactly what it will try to look up the IP  
> address for so that it can connect. Not "amazon.com". %encoding is just  
> a clever hack to send data to a server, not an "official" alternate way  
> of specifying the location of a document.

Not sure what you mean by "not official" (look it up in any
URL/URI-standard you choose, and especially in RFC 2616 for how it
relates to HTTP). However, escape characters are not allowed within
the hostname portion, so you're right that it will not be decoded
(they shouldn't be looked up, though, either: % is not a syntactically
valid character in the host portion); and also that, for the most
part, it's the server that does URL decoding. However, relative URIs
and username/password combos (FWICT, *not* official... per RFCs 2616
and 2396) would have to be decoded by the user agent before being sent
on to the server.

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.