On Sun, 12 Sep 2021, Loren Wilton wrote:
I found this little wonder in a bunch of spams I've been getting for the last
few days:
<a amzon-work to=http://"; http://"; http://"; http://"; http://"; http://";
href="http:/mi.wey.vandalized655bccemetries -dot- cleaning/<tracking
id>">unsubscribe here</a>
I have no idea if that actually works, since I'm not about to try it.
The base hostname in that URL (I bowdlerized it in this message) is listed in a
couple different URIBLs.
SA 3.4.1 is able to spot/extract that name from the garbage and trigger URIBL
rules.
In debug mode for this message its 'URIDOMAINS' contains:
ARY:[oxsus-vadesecure.net,uiowa.edu,uiowa.edu,avg.com,vandalized655bccemetries.cleaning,oxsus-vadesecure.net]
SA 3.4.6 not so much. it doesn't seem to "see" that href/URL at all.
Its 'URIDOMAINS' contains: value: avg.com
So why is SA 3.4.6 much less sensitive about picking up hosts in URLs?
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
