Most of what slips through our filters is exactly this. Unfortunately I know of no way to block this short of reacting to the first one seen and adding a body filter for the URL...the same thing Message Sniffer or any SURBL list would do.
I'm add maybe 1-4 of these per day. Sometimes there's enough other text for additional body filters, which can cut down on the number of edits. Anyone else have any ideas? I've thought about checking WHOIS record creation date, but the spammer could just hold onto it for a while before using it... thereby passing any age limit on the domain before passing the test. Darin. ----- Original Message ----- From: "Nick" <[EMAIL PROTECTED]> To: <[email protected]> Sent: Wednesday, February 09, 2005 12:25 PM Subject: Re: [Declude.JunkMail] domain name a name I am seeing more and more I guess one would call throw-away domains like: .hdcnsowp.com .hcnmvkofut.com .eisopfkcnjt.com .edhcbxgsyi.com These are generally in the body of an email; is there a way to determine if a domain is in readable format? I would not fail an email over this but it would be nice to punish the email at least to some degree - -Nick --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
