Good evening, Simon,
On Thu, 22 Apr 2004, Simon Byrnand wrote:
Just browsing through my spam folder and noticed a spam with the following URL:
http COWLON //yahoo DAWT com DAWT collectiza DAWT com/vp9
Looks like they might think that putting yahoo.com on the front will fool a simple parser ? :) Have we been "noticed" already or am I just being paranoid ;)
That particular spam didn't match on that test, but did match on another different URL in the same message...
They've been doing this for a long time, stuffing msn, yahoo, netscape and others in front of the domain, hoping that dumb string matchers will whitelist those and then ignore the true domain.

Short version; you're doing yourself a disservice if you allow mailing lists _about_ spam to go through spamassassin or any other filtering tool. Feed those lists off to separate files before you hit the spam checker.

Cheers,
- Bill
---------------------------------------------------------------------------
"Very funny, Mr. Scott. Now beam down my clothes."
(Courtesy of Michael J. Fromberger sting@linguist.thayer.dartmouth.edu)
--------------------------------------------------------------------------
William Stearns (wstearns@pobox.com). Mason, Buildkernel, freedups, p0f,
rsync-backup, ssh-keyinstall, dns-check, more at: http://www.stearns.org
--------------------------------------------------------------------------
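
Added example, not part of the original message and not SpamAssassin's code: a substring whitelist check of the kind the reply calls a dumb string matcher, next to a check that only trusts a whitelisted name when it is the end of the hostname. The whitelist contents, function names and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed whitelist for illustration; not taken from any real filter config.
WHITELIST = {"yahoo.com", "msn.com", "netscape.com"}

def naive_is_whitelisted(url):
    """Dumb string matcher: trusts any URL that merely contains a whitelisted name."""
    return any(d in url.lower() for d in WHITELIST)

def host_of(url):
    """Hostname only, lower-cased, without a trailing root dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def strict_is_whitelisted(url):
    """Trust only if the whitelisted domain ends the hostname on a label boundary."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in WHITELIST)

def stuffed_name(url):
    """Return the whitelisted name stuffed in front of a different true domain, else None."""
    if strict_is_whitelisted(url):
        return None
    padded = "." + host_of(url)  # leading dot so matches start on a label boundary
    for d in sorted(WHITELIST):
        if "." + d + "." in padded:
            return d
    return None

# Constructed sample URLs (reserved .example names, not from the message above).
SAMPLES = [
    "http://yahoo.com.bulk-mailer.example/vp9",
    "http://www.msn.com.bulk-mailer.example/",
    "http://mail.yahoo.com/inbox",
    "http://YAHOO.COM./",
    "http://notyahoo.com.example/",
]

def report(urls):
    """One row per URL: (url, naive verdict, strict verdict, stuffed name or None)."""
    return [(u, naive_is_whitelisted(u), strict_is_whitelisted(u), stuffed_name(u))
            for u in urls]

if __name__ == "__main__":
    for row in report(SAMPLES):
        print("%-45s naive=%-5s strict=%-5s stuffed=%s" % row)
```

A non-empty `stuffed_name` result is itself a useful scoring signal, since a legitimate sender has little reason to put another organisation's domain at the front of its own hostname.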