https://bz.apache.org/SpamAssassin/show_bug.cgi?id=8112

            Bug ID: 8112
           Summary: Add rule for Yandex redirection
           Product: Spamassassin
           Version: 4.0.0
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Rules
          Assignee: dev@spamassassin.apache.org
          Reporter: dilld...@bjork.org
  Target Milestone: Undefined

There's already the venerable __GOOG_REDIR, and various rules that use it.
Lately I've seen quite a lot of spam using Yandex to redirect instead of
Google, usually as part of redirect chains starting with clck.ru shortened
URLs. There doesn't seem to be any trace of Yandex in the current ruleset, at
least not in a redirection context.

I'm currently using this rather trivial thing:

uri             __YAND_REDIR            m;^https?://[^/]*sba\.yandex\.net/redirect\?;i
meta            YAND_REDIR              __YAND_REDIR
describe        YAND_REDIR              Yandex redirect used to obscure spamvertised website

A variant of this could be added, together with an associated
redirector_pattern. Similar rules to those currently using __GOOG_REDIR could
be added in Yandex variants, or the existing ones could be made more generic by
doing a (__GOOG_REDIR || __YAND_REDIR), replacing "Google" with "Search engine"
in the rule description.

clck.ru should of course also be added to the url_shortener list.

Example URL from spam, first link of a lengthy redirect chain (which these
usually tend to be): https://clck.ru/33K9Ut =>
https://sba.yandex.net/redirect?url=https%3A%2F%2Flogclicking.com%2F%3Fa%3D8083%26c%3D56614%26s1%3Ds004%26s2%3Ds004&client=clck&sign=c0fd27a3a2c3ec61f09c1e84d4470a94

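Added example, not part of the bug report or of the SpamAssassin ruleset: the Python below applies the reporter's uri pattern to constructed URLs and peels the url= parameter off each hop, which is the destination a redirector_pattern is meant to expose to the URI rules. The function names, MAX_HOPS and every sample URL are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# The uri pattern from the report, translated from Perl m;...;i to Python.
YAND_REDIR = re.compile(r"^https?://[^/]*sba\.yandex\.net/redirect\?", re.I)

MAX_HOPS = 5  # assumption: cap on nested redirector unwrapping


def is_yandex_redirect(url: str) -> bool:
    """True when the URL would hit the proposed __YAND_REDIR pattern."""
    return YAND_REDIR.search(url) is not None


def unwrap(url: str) -> list:
    """Return the chain of URLs exposed by peeling url= off each redirect."""
    chain = [url]
    for _ in range(MAX_HOPS):
        if not is_yandex_redirect(chain[-1]):
            break
        # parse_qs percent-decodes the value exactly once per hop.
        target = parse_qs(urlsplit(chain[-1]).query).get("url", [""])[0]
        if not target.lower().startswith(("http://", "https://")):
            break  # missing or non-web target: nothing more to expose
        chain.append(target)
    return chain


# Constructed samples, same shape as the URL quoted in the report.
SAMPLES = {
    "redirect": "https://sba.yandex.net/redirect?url=https%3A%2F%2Fexample.com"
                "%2F%3Fa%3D1%26c%3D2&client=clck&sign=00000000",
    "uppercase": "HTTPS://SBA.YANDEX.NET/redirect?url=http%3A%2F%2Fexample.com%2F",
    # The three below must NOT hit: host suffix trick, pattern buried in a
    # query string of another site, and a different path on the same host.
    "lookalike_host": "https://sba.yandex.net.example.org/redirect?url=x",
    "in_query": "https://example.org/?next=https://sba.yandex.net/redirect?url=x",
    "other_path": "https://sba.yandex.net/other?url=x",
}

if __name__ == "__main__":
    for name, url in SAMPLES.items():
        print(f"{name:15} hit={is_yandex_redirect(url)!s:5} chain={unwrap(url)}")
```

The `^` anchor and `[^/]*` keep the match inside the host part, so the look-alike host and the URL that only mentions the redirector in its query string are not flagged.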