Seems Spammers have found a way to evade the URI checks

The domain coolestrxever.com is listed in multi.surbl.org. But the spammers managed to evade the URI checks by appending special characters at the end of the URL, which are happily allowed by the browsers.

The spam that I received had

http://www.coolestrxever.com: (a colon at the end of the URL)

After a bit of R&D I found the other options for spammers to carry out this technique

http://www.coolestrxever.com; (a semicolon)
http://www.coolestrxever.com, (a comma)
http://www.coolestrxever.com. (a fullstop)
http://www.coolestrxever.com? (a question mark)

With all these special characters at the end of the URL, the URI check tries to make the lookup as

debug: querying for coolestrxever.com:.sc.surbl.org

End result, passed the promising URI checks.

I am seeing the first of its kind of spam. If any version of SpamAssassin fixes this in its URI retrieval program, please let me know.

--
Regards, Rakesh B. Pal
Project Leader
Emergic CleanMail Team.
Netcore Solutions Pvt. Ltd.


========================================================
Success is how high you reach after you hit the bottom.
========================================================
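
A defensive sketch of the host clean-up the message asks for, added here as an example; it is not part of the original post and not SpamAssassin's own code. The function names are hypothetical, the sample URLs are constructed from the forms listed in the post, and the "last two labels" rule for the registered domain is a simplifying assumption.

```python
import re

SAMPLES = [  # constructed from the URL forms listed in the post
    "http://www.coolestrxever.com:",
    "http://www.coolestrxever.com;",
    "http://www.coolestrxever.com,",
    "http://www.coolestrxever.com.",
    "http://www.coolestrxever.com?",
]

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def naive_query_name(url, zone):
    """Lookup name built without cleaning the host (reproduces the debug line)."""
    authority = url.split("://", 1)[1].split("/", 1)[0]
    return ".".join(authority.split(".")[-2:]) + "." + zone


def clean_host(url):
    """Return the lower-cased DNS host of a URL, or None if it has none."""
    m = re.match(r"[a-z][a-z0-9+.-]*://([^/?#\s]*)", url.strip(), re.I)
    if not m:
        return None
    authority = m.group(1).rsplit("@", 1)[-1]  # drop any userinfo
    # Keep only the leading run of hostname characters: this discards a port
    # and any trailing : ; , . in one step (a trailing ? is cut by the regex).
    run = re.match(r"[A-Za-z0-9.-]*", authority).group(0)
    host = run.strip(".").lower()
    labels = host.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return None
    return host


def query_name(url, zone="multi.surbl.org"):
    """DNSBL query name for the URL's domain, or None if no valid host."""
    host = clean_host(url)
    if host is None:
        return None
    # Assumption: registered domain = last two labels. A production check
    # needs a two-level-TLD list (for example for co.uk).
    return ".".join(host.split(".")[-2:]) + "." + zone


if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", naive_query_name(url, "sc.surbl.org"), "|", query_name(url))
```
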



