I was the loudest voice screaming for this. SA devs opened a bug on it. (Wish I could find it again!) Then I realised the 1 SERIOUS flaw with it.
With a DNSRBL and email there is one sender to check. With URLs there is no limit to how many one could put in a spam. A spammer could simply flood the spam with good and bad URLs. This would cause a timeout and simply skip the test. You could limit the number of URLS, but the spammers would simply add that many good ones in. I've even spoken to RBL hosts. Some fear what this would do to their servers. THe number of lookups would skyrocket. So the only ting I can think of is a local RBL. :( --Chris > -----Original Message----- > From: Robert Brooks [mailto:[EMAIL PROTECTED] > Sent: Friday, March 05, 2004 8:39 AM > To: SpamAssassin Mailing List > Subject: Re: New grubby med spammer sneeking through > > > Would it be possible to do this kind of url blacklisting via > a dns based lookup > service? > > Has anyone discussed it? Maybe the likes of spamcop.net > would be in a good > position to extract the webserver ips that are hosting > spamvertised content and > list their ips in a reverse blacklist zone. > > Just a thought. > > Rob > > Loren Wilton wrote: > > There is a new guy that a trained Bayes will catch, but no > current rules. > > It looks like a simple body rule looking for his href tag > will catch the > > ones I've seen so far. He has a pattern that will ket more > complex rules > > match on the body if needed. > > > > Below is the cheap rule for him, and pattern development if > he changes the > > url text and someone needs to make a more complex rule. > > > > Cheap body rule: > > > > body LW_SELCYCDC /http\:\/\/selcydc\.com/ > > > > > > Possible body rules to catch his stuff if needed: > > > > /, (?:looking|searching) for a (?:place|site) to get medi\w+\?/ > > /(?:Quality|Cheap) Viag\w+ and Cial\w+\./ > > /Best deals, 80 p[rcen]+t off!/ > > /We (?:are able to ship|can send)[\w\s]+wide/ > > > > > > Loren > > > > > > > -- > Robert Brooks, Network Manager, Hyperlink Interactive Ltd > <[EMAIL PROTECTED]> http://hyperlink-interactive.co.uk/ > Tel: +44 (0)20 7240 8121 Fax: +44 (0)20 7240 8098 > - Help Microsoft stamp out piracy. Give Linux to a friend today! - >
