On Mon, 2006-09-11 at 19:13 +0000, [EMAIL PROTECTED] wrote:

> Hi,
> 
> possible problem: if the erver actually runs windows, the link could be some 
> kind of cgi
> rather than an executable

Just for the record, this kind of email is really common in pt_BR.
It is really common to link to a php page.

What I usually see:

Card or some service from company FooBar which has domain FooBar.com,
the link is something like:
http://www.foobar.somehost.com/view_yourcard_online.php

Somehost.com is something really short, some times www.foobar.com.b.fm .

A way to fight this would either tracing the real domain in the main and
where the link is pointing (e.g. foobar.com vs foobar.com.b.fm), but
this could cause more FP than help, _me _sa thinks.

Another way is thru SURBL, but the host can change faster than SURBL.

[]s
Raul Dias





Reply via email to