On Tue, 18 Oct 2011, Alex wrote:
Hi,
I'm having difficulty with figuring out how to tag spam where the body
is only one line with a URL in it. Here is an example:
http://pastebin.com/Y9mX1DRV
It would be more helpful if you provided several examples. It would be
easy enough to write a rule that matched just this example.
Yes, I thought that might happen. I've included some others here:
http://pastebin.com/P0cJdf2V
Great example from Paul Graham. The URI filters apparently can't
respond quickly enough.
The problem with URI-RBL filters and those particular spams is not
necessarily speed but a philosophical quandary. Those spamvertized URLs
are hacked legitimate sites with spammer pages injected (kind of like a
parasite).
So if you black-list those hosts you are generating FPs on any legit mails
that link to those sites. Would you black-list google.com because
somebody puts 'phish' forms in a google-docs spread-sheet and then
sends out spams with that as the payload? (I see lots of 'phish'
spam with that tactic on a regular basis).
Most reputable RBLs want to avoid FPs and thus are reluctant to list such
sites.
--
Dave Funk University of Iowa
<dbfunk (at) engineering.uiowa.edu> College of Engineering
319/335-5751 FAX: 319/384-0549 1256 Seamans Center
Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
