22 Apr
2004
22 Apr
'04
4:27 a.m.
On Thu, Apr 22, 2004 at 12:30:37PM +1200, Simon Byrnand wrote:
Looks like they might think that putting yahoo.com on the front will fool a simple parser ? :) Have we been "noticed" already or am I just being paranoid ;)
It's just another decoy tactic, same as using a DNS wildcard and a randomized 3LD. Also makes the URL a bit more palatable, probably improves the spammer's clickthrough by a tiny fraction of a percent, and maybe triggers a few poorly-constructed whitelist patterns. URIBL checks should match it like any other wildcard.
--
Devin \ aqua(at)devin.com, 1024D/E9ABFCD2; http://www.devin.com
Carraway \ IRC: Requiem GCS/CC/L s-:--- !a !tv C++++$ ULB+++$ O+@ P L+++