Hi,

>>>> I'm having difficulty with figuring out how to tag spam where the body
>>>> is only one line with a URL in it. Here is an example:
>>>>
>>>> http://pastebin.com/Y9mX1DRV
>>>
>>> It would be more helpful if you provided several examples. It would be
>>> easy enough to write a rule that matched just this example.
>>
>> Yes, I thought that might happen. I've included some others here:
>>
>> http://pastebin.com/P0cJdf2V
>>
>> Great example from Paul Graham. The URI filters apparently can't
>> respond quickly enough.
>
> The problem with URI-RBL filters and those particular spams is not
> necessarily speed but a philosophical quandary. Those spamvertized URLs are
> hacked legitimate sites with spammer pages injected (kind of like a
> parasite).

They aren't legitimate sites. I'm not talking about blocking google.com in this case. I'm talking about blocking graphique-com.fr or mikeyjetadore.free.fr. Unless I'm missing something?

I also was thinking it would be possible to generate a rule not necessarily relying on identifying a blacklisted URI, no? Perhaps on originating IP, or lack of real content in the body?

Thanks,
Alex
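The "lack of real content in the body" idea raised in the message above can be expressed as a content-based check that does not depend on any URI blacklist. The following is an added example, not part of the original thread or of any filter mentioned in it; the function names, the three-word threshold and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
MAX_RESIDUAL_WORDS = 3  # assumed threshold: tolerates a stray "hi" or "look"

def text_body(msg):
    """Return the first text/plain part as str, or '' if there is none.
    HTML-only mail is out of scope for this sketch."""
    for part in msg.walk():
        if part.get_content_type() != "text/plain":
            continue
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if payload is None:
            continue
        try:
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
        except LookupError:  # unknown charset label in the header
            return payload.decode("utf-8", "replace")
    return ""

def is_url_only(raw_message):
    """True when the body is exactly one URL plus almost no other words."""
    body = text_body(message_from_string(raw_message))
    urls = URL_RE.findall(body)
    residual_words = re.findall(r"\w+", URL_RE.sub(" ", body))
    return len(urls) == 1 and len(residual_words) <= MAX_RESIDUAL_WORDS

HEADERS = "From: a@example.invalid\nTo: b@example.invalid\nSubject: test\n\n"

# Constructed samples (not taken from the pastebin links in the thread).
SPAM_LIKE = HEADERS + "http://compromised.example/images/page.html\n"
GREETING_PLUS_URL = HEADERS + "hi\n\nhttp://compromised.example/x.html\n"
HAM_LIKE = HEADERS + (
    "Hi Bob,\n\nThe slides from Tuesday's meeting are at "
    "http://intranet.example/slides.pdf\nLet me know if the link fails.\n"
)

if __name__ == "__main__":
    for name, raw in [("spam-like", SPAM_LIKE),
                      ("greeting+url", GREETING_PLUS_URL),
                      ("ham-like", HAM_LIKE)]:
        print(name, is_url_only(raw))
```

A hit here is best treated as one scoring signal combined with others such as the originating IP, since people do occasionally send a bare link to someone they know.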