https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5864
--- Comment #2 from Matt Kettler <[EMAIL PROTECTED]> 2008-03-25 21:04:25 PST --- First, let's clarify. Freelotto.com and geocities.com are listed in URIBL grey, not URIBL black. Quite frankly, the URIBL grey list, with it's whopping 0.25 point score isn't exactly what I'd call a strong motivator to alter the configuration. Also consider that URIBL grey is actually a better indicator of nonspam than spam, at least it was in the set 3 mass-checks for 3.2.0's release: OVERALL SPAM% HAM% S/O RANK SCORE NAME 0.112 0.0654 0.1950 0.251 0.30 0.25 URIBL_GREY If the rule wasn't essentially "for free" with URIBL black, I'd be moving to kick it out of the ruleset. Clearly if 75% of the email matching is nonspam, it's a really lousy spam rule. I think geocties.com would be better handled by adding util_rb_2tld geocities.com to the default config. This way the URIBL blacklisted subdomains can be matched. As for Freelotto, I don't trust it's really being seen in spam other than frame-ups by fraudsters. After all, if we start blacklisting sites that spammers forge, they could get any site blacklisted by forging it enough. http://www.freelotto.com/fraudalert.asp Do you have any examples that are genuine? This example: http://groups.google.com/group/news.admin.net-abuse.sightings/browse_thread/thread/8735361ee9f653d3/755b311f49b23d5c?hl=en&lnk=st&q=freelotto.com#755b311f49b23d5c Appears to be linking to freelotto, but only to load images so it looks genuine. The actual clickables are aol and yahoo targets. That's not really any different than phishing. -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
