On 10/12, Christian Grunfeld wrote:
> > It certainly seems like it would be very useful.  I see there's a
> > __SPOOFED_URL rule, but it's hard to read and doesn't have a description.
>
> where did you find that rule ?

On my server in the file
/var/lib/spamassassin/3.004000/updates_spamassassin_org/72_active.cf

Looks like it comes from:
http://svn.apache.org/viewvc/spamassassin/trunk/rulesrc/sandbox/khopesh/20_khop_experimental.cf?view=markup

Which uses it as part of SPOOFED_URL (the "__" in the other rule is
important), which is described as: "Has a link whose text is a different URL".
But that one hasn't made it into the default rule set yet.

Ah, it hits 1.1% of spam but also 0.7% of non-spam, shame:
http://ruleqa.spamassassin.org/?daterev=20111008-r1180336-n&rule=%2Fspoofed
(it got a T_ prepended to it due to being in testing)

Wonder what it's hitting in non-spam.  And if it could be improved by just
checking for domain mismatch instead of complete url match, if it's not doing
that already.

-- 
"Of course there's strength in numbers. But there's strength in sharp
weaponry too. Ironically, this lead to what we call 'civilization'." - spore
http://www.ChaosReigns.com
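
The difference between a complete-URL comparison and a domain comparison, raised at the end of the message above, as an added example that is not part of the original post and is not SpamAssassin's rule. The function names and the sample HTML are constructed for illustration, and it compares host names (ignoring a leading "www.") as a simplification rather than registrable domains.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a URL or bare host name (illustrative pattern).
URLISH = re.compile(r'^(?:https?://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$', re.I)

# Constructed sample message body.
SAMPLE = (
    '<a href="http://www.example.com/">http://example.com</a>'               # same site
    '<a href="http://example.net/login">http://www.example.com/account</a>'  # other host
    '<a href="http://example.org/news">Read more</a>'                        # plain text
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased host without a leading 'www.'; scheme-less text is accepted."""
    if "://" not in url:
        url = "http://" + url
    h = (urlsplit(url).hostname or "").lower()
    return h[4:] if h.startswith("www.") else h

def check_links(html):
    """Return (href, text, full_url_differs, host_differs) for URL-like link text."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    return [(href, text, text != href, host(text) != host(href))
            for href, text in parser.links if URLISH.match(text)]

if __name__ == "__main__":
    for row in check_links(SAMPLE):
        print(row)
```

On the constructed sample, the first link differs only as a string (a full-URL comparison flags it, the host comparison does not), while the second differs in host under both comparisons.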