On 2024-12-13 at 06:53:59 UTC-0500 (Fri, 13 Dec 2024 12:53:59 +0100)
Kirill A. Korinsky <kir...@korins.ky>
is rumored to have said:

> Dear SA users,
>
> I'd like to share with you a patch which allows me to catch an offering
> SEO spam which I've encountered in my INBOX quite a few missed for last
> weeks.
>
> Changes:
>
> 1. adds .xyz as suspicious zone because namecheap sells this domain
> for ~€1;

That's not (in itself) enough for us to include it in that list.

See https://ruleqa.spamassassin.org/20241207-r1922358-n/%2FTLD_XYZ

That shows the performance of a rule that has been in testing for some
time which matches any *.xyz address in the From header. It routinely
scores in the 0.7-0.8 range on the "S/O" ratio, indicating that roughly
1 in every 4 messages that it matches is NOT spam. That is too high for
inclusion in the default "suspicious TLD" list. There is NOT an
analogous rule for body URIs, so perhaps it is worthwhile to add a rule
for those as well.

Obviously, any SA deployment can add enlist* directives to add .xyz to
one or both lists.

> 2. extends PDS_SEO2 regex to catch that spam.

Because that's a "sandbox" rule in the sandbox of Paul Stead, it is
prudent and courteous to get his input on this. I hope he is still
reading this list.

> An example of that spam email:
> https://pbot.rmdir.de/xbuEKl2kxv7AmPBRYzRU-g

--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo@toad.social and many *@billmail.scconsult.com
addresses)
Not Currently Available For Hire