Hi,
The following mail got through even though it's listed in SURBL (check the link in the middle of the message):
crosswise is cd2 in moloch of democracy to bolshoi with anorthic. <br> whack am frau going holyoke to 22844305 be brought the eye <br> <br><br>
************************************************************************<br> ************************************************************************<br><br>
<u>Microsoft Windows XP Pro + Microsoft Office XP Pro -- $80 <br><br></u>
Adobe Photoshop 7 + Adobe Premiere 7 + Adobe Illustrator -- $120 <br><br>
Many other bundle and single offers too<br><br>
<b>
Copy and pase the link below in your browser:<br>
<br>
yahoo.durkee.knfhbfndkeMUNGED.info/?TRACKING-ID_CHANGED<br><br>
</b> ************************************************************************ ************************************************************************
<br><br><br><br><br><br><br><br>
conception is 143983335 in ablaze <br> cheap is a 136517095 of landmark into spinoff for adroit <br> waterloo was cocoon in the muslin<br> character was 45867360 in bimolecular <br>
Are they fooling SURBL by not include www or http? I've got several of these and wonder if i can do anything about this?
Thanks
/ Martin
On Thursday, January 20, 2005, 1:46:45 AM, Martin Martin wrote:
Hi,
The following mail got through even though it's listed in SURBL (check the link in the middle of the message):
[...]
yahoo.durkee.knfhbfndkeMUNGED.info/?TRACKING-ID_CHANGED<br><br>
[...]
Are they fooling SURBL by not include www or http? I've got several of these and wonder if i can do anything about this?
I don't think this can be considered a failing of SURBLs since they contain the right data to catch this. The issue is more of applications using SURBL data and what they decide to parse as URIs.
You're probably right that SpamAssassin (perhaps the application you're using?) may not treat as URIs something that does not begin with www or a URI scheme like http. But that's more of a question for applications than data. See:
http://bugzilla.spamassassin.org/show_bug.cgi?id=4087
Jeff C. -- "If it appears in hams, then don't list it."
Jeff Chan wrote:
I don't think this can be considered a failing of SURBLs since they contain the right data to catch this. The issue is more of applications using SURBL data and what they decide to parse as URIs.
You're probably right that SpamAssassin (perhaps the application you're using?) may not treat as URIs something that does not begin with www or a URI scheme like http. But that's more of a question for applications than data. See:
Hi Jeff,
Yes, im using SA 2.xx with SpamCopURI. I will check that link you posted. And btw, in the last days i've seen this kind of spam:
This is the link in the HTML formatted spam-message:
http://anne.jiagebnhamMUNGED.info/?RANDOM_CHARSsobedient
And this is how it looks in the "source":
ht<detonate>tp://anne.jiag<artifice>ebnham.info/?RANDOM_CHARSsobedient
What is your suggestion to stop this type of spam?
Thank you
/ Martin
On Tuesday, January 25, 2005, 1:09:46 AM, Martin Martin wrote:
Yes, im using SA 2.xx with SpamCopURI. I will check that link you posted. And btw, in the last days i've seen this kind of spam:
This is the link in the HTML formatted spam-message:
And this is how it looks in the "source":
ht<detonate>tp://anne.jiag<artifice>ebnham.info/?RANDOM_CHARSsobedient
What is your suggestion to stop this type of spam?
I believe SpamAssassin 3 with uridnssub will ignore tags like those and catch this spam.
Jeff C. -- "If it appears in hams, then don't list it."
-
Jeff Chan -
Martin