We received an email to undisclosed-recipients that contained a google
redirect to an owl.ly site and another URL which appears to be a
direct download of a PDF.


amavisd knew this single email was delivered to more than 40
recipients. Is there any way to benefit from that in spamassassin?
This seems to be a common denominator with a lot of these.

How much of a spam indicator is the google redirects? Can someone look
at this redirect as part of the redirector_pattern along with
__GOOG_REDIR? I also have a google redirect rule, and most mail it
hits is already spam or bulk mail of some sort.

Is T_DMARC_TESTS_FAIL or __DMARC_TESTS_FAIL reliable, and can we score
against that?

The links in the email are no longer a threat, but they're also not in
any URIBL because it's abuse of trusted services. The owl.ly link
somehow redirects to owl.li, a non-existent domain.

Reply via email to