Mike Cardwell wrote: > Steve Freegard wrote: > >>>> A word of caution. Be very careful how you use the list. The >>>> intended usage for the list is to prevent (or monitor) local users >>>> from sending email to the listed addresses. The phishers frequently >>>> use compromised end-user accounts to receive the phishing replies, so >>>> there is a high risk of false positives, especially if you attempt to >>>> classify messages containing one these addresses as spam. >>> Thread fork! >>> >>> Would it be useful to have a similar list for 419 fraud contact >>> addresses? >>> >>> Discuss... >> >> That was always my intention - there are a couple of us looking at >> several methods of automatically listing e-mail addresses present in the >> body of spam or the Reply-To header to specifically target stuff that >> often slips though with low scores. >> >> I'm also looking at listing URIs that are impossible to list in the >> traditional URIBLs e.g. groups.yahoo.com/groupname/message/1 > > For listing both emails and uri's it would be useful if you could add > regular expressions. I'm not sure how you'd serve such an RBL though > without writing your own custom software or modifying an existing dns > server. Eg, it would be nice if you could add entries like this to the rbl: > > ^(?i)https?://[a-z]+\.example\.com/unsubscribe\.cgi\?id=\d+$ > > And: > > ^(?i)customer-service-[a-z]...@example\.(?:com|co\.uk)$ >
Yuck; if you want to do stuff using regexp then: uri RULE_NAME /<regexp>/ score RULE_NAME nn.nnn Is the best way to do this - not via DNS. Regards, Steve.
