Alex wrote:
Hi,
I'm having a problem with emails that are from a freemail domain with
simply a shorturl in them, like this:
<br><a href=http://bit.ly/aqI4o1>http://bit.ly/aqI4o1/Benjamin</a><br><br><br>lovee ya<br>
rawbody LOC_BITLY /href\=http:\/\/bit\.ly\/.+\w{1,8}>http:\/\/bit\.ly\/.+\w{1,15}\/.+\w{1,15}<\/a><br><br>/
Is this the most effective and best way to accomplish this? I believe
it works (reliably?) but am concerned about what seemed to be
excessive memory usage and false positives, obviously. Do you have any
suggestions to improve this?
It also seems that no matter how many times I train these they don't
score higher than BAYES_50, at least the FNs.
Thanks,
Alex

I'm seeing these mostly from hotmail accounts so I use a URI rule
(rather than your rawbody example) and meta it with FROM_HOTMAIL. For
example,
uri LOCAL_URI_BITLY m{https?://bit\.ly/\w{6}}
describe LOCAL_URI_BITLY contains bit.ly link
meta LOCAL_HOTMAIL_SPAM_URI (__FROM_HOTMAIL_COM && LOCAL_URI_BITLY)
describe LOCAL_HOTMAIL_SPAM_URI From hotmail.com and bit.ly
I've been training these hotmail with links spam for months, and they
all score BAYES_99 for me.
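
Added example (not part of either post, and not SpamAssassin code): a Python harness that runs the two patterns from the thread over message lines, showing where the rawbody pattern misses on small HTML variations and that its `\w{1,8}` bounds do not limit length because of the preceding `.+`. The URL extractor is a simplified stand-in for SpamAssassin's URI parsing (an assumption), and every sample except the first is constructed.

```python
import re

# Patterns copied from the thread; only the rule delimiters are dropped.
RAWBODY = re.compile(
    r'href\=http:\/\/bit\.ly\/.+\w{1,8}>http:\/\/bit\.ly\/.+\w{1,15}\/.+\w{1,15}<\/a><br><br>'
)
URI = re.compile(r'https?://bit\.ly/\w{6}')

# Simplified stand-in for SpamAssassin's URI extraction (assumption).
URL_RE = re.compile(r'https?://[^\s"<>]+')


def rawbody_hit(line):
    """Return the matched text if the rawbody pattern fires on this line."""
    m = RAWBODY.search(line)
    return m.group(0) if m else None


def uri_hit(line):
    """Return True if any URL extracted from the line matches the uri pattern."""
    return any(URI.search(u) for u in URL_RE.findall(line))


# The first sample is the message quoted in the thread; the rest are constructed.
SAMPLES = {
    "thread_sample": '<br><a href=http://bit.ly/aqI4o1>http://bit.ly/aqI4o1/Benjamin'
                     '</a><br><br><br>lovee ya<br>',
    # Same link, but the href value is quoted.
    "quoted_href": '<br><a href="http://bit.ly/aqI4o1">http://bit.ly/aqI4o1/Benjamin'
                   '</a><br><br>lovee ya<br>',
    # Same link, but only one <br> after the anchor.
    "single_br": '<a href=http://bit.ly/aqI4o1>http://bit.ly/aqI4o1/Benjamin</a><br>lovee ya',
    # Path segments far longer than the {1,8} / {1,15} bounds suggest.
    "long_paths": '<a href=http://bit.ly/' + 'a' * 40 + '>http://bit.ly/' + 'b' * 40
                  + '/' + 'c' * 40 + '</a><br><br>',
    "no_bitly": '<a href=http://example.com/page>http://example.com/page</a><br><br>',
}


def evaluate():
    """Map sample name -> (rawbody pattern fired, uri pattern fired)."""
    return {name: (rawbody_hit(s) is not None, uri_hit(s)) for name, s in SAMPLES.items()}


if __name__ == "__main__":
    for name, (raw, uri) in evaluate().items():
        print(f"{name:14} rawbody={raw!s:5} uri={uri}")
```

The `quoted_href` and `single_br` rows are the cases where the layout-dependent rawbody pattern goes quiet while the URL-based pattern still fires; `long_paths` shows the rawbody match covering 40-character segments despite the `{1,8}` and `{1,15}` quantifiers.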