Re: antiphishing

[Matus UHLAR - fantomas <uh...@fantomas.sk>]

>On Sat, Oct 15, 2011 at 12:38 AM, <da...@chaosreigns.com> wrote:
>> And I need to remind you that it hits almost as much ham as spam:
>> http://ruleqa.spamassassin.org/20111008-r1180336-n/T_SPOOFED_URL/detail
>>
>> I agree it seems like we should be able to improve it.  Maybe make
>> exceptions for known marketing trackers, as Adam Katz mentioned it has
>> problems with.

On 31.10.11 19:15, Mahmoud Khonji wrote:
>just to add a few more suggestions:
>* checking whether the anchor's actual URL (href URL) has the modal
>domain (a domain that is most frequently linked in the same email),
>and if it is not the modal domain then the email is spam.

That's what I've meant in my last ail to this thread. It would 
apparently require a SA plugin (not just a simple regexp rule)
but we'd be able allow different domains, e.g. bank example.com bought 
bank example.net etc.


>* checking the age of the href URL's domain via a Whois lookup (not
>all domains have the registration time stamp though), and if the age
>falls below certain thresholds then it's spam.

simple meta combining the rule above and DOB would catch this 
perfectly.

>* checking the domain rank via a search engine, and if the rank falls
>below certain thresholds then it's spam.

domain ranking would be just very different rulem could be combined 
with those above.

-- 
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Micro$oft random number generator: 0, 0, 0, 4.33e+67, 0, 0, 0...