On Mon, 2006-09-11 at 19:13 +0000, [EMAIL PROTECTED] wrote: > Hi, > > possible problem: if the erver actually runs windows, the link could be some > kind of cgi > rather than an executable
Just for the record, this kind of email is really common in pt_BR. It is really common to link to a php page. What I usually see: Card or some service from company FooBar which has domain FooBar.com, the link is something like: http://www.foobar.somehost.com/view_yourcard_online.php Somehost.com is something really short, some times www.foobar.com.b.fm . A way to fight this would either tracing the real domain in the main and where the link is pointing (e.g. foobar.com vs foobar.com.b.fm), but this could cause more FP than help, _me _sa thinks. Another way is thru SURBL, but the host can change faster than SURBL. []s Raul Dias
