Raymond Dijkxhoorn wrote:
Hi Jose-Marcio,
Take a look at this SPAM :
http://www.ensmp.fr/~martins/Prozac
Mainly, check the source.
The problem is that it comes with many, many URLs. At the beginning, there are URLs needed by the SPAM itself. After, it puts many URLs with font size equals to 1. Most of these last domains aren't spam... 8-)
Who cares, its picked up anyway, BIGEVIL_URI_RBL and WS_URI_RBL! :)
Scripts extracting URLs to insert into blacklist **should care** with extracted URLs.
E.g. http://www.bernoulli.org, http://www.ubiquity.com, http://www.nay.org aren't really spammers, and they have nothing to do with this SPAM.
May 5 21:52:33 vmx80 MailScanner[31469]: Message i45Jp6FK030462 from 212.127.254.140 (raymond@prolocation.net) to quicknet.nl is spam, SpamAssassin (score=19.963, required 5, BAYES_99 5.40, BIGEVIL_URI_RBL 3.50, BIZ_TLD 0.10, CLICK_BELOW 0.10, DRUGS_ANXIETY 0.01, DRUGS_ANXIETY_EREC 1.00, DRUGS_DEPRESSION 0.01, DRUGS_DEPR_EREC 1.00, DRUGS_DIET 0.01, DRUGS_DIET_EREC 1.00, DRUGS_ERECTILE 1.00, DRUGS_ERECTILE_OBFU 1.50, DRUGS_MANYKINDS 1.00, DRUGS_MUSCLE 0.01, DRUGS_SLEEP 0.01, DRUGS_SLEEP_EREC 0.50, HTML_60_70 0.11, HTML_LINK_CLICK_HERE 0.10, HTML_MESSAGE 0.10, WS_URI_RBL 3.50)
I would say HOOOOOOORAY! Its doing a nice job catching them.
Bye, Raymond.