You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Niek <ni...@asbak.coding-slaves.com> on 2005/05/15 03:21:24 UTC

Evading URI checks

Today I got some spams which evaded URI checks like this:

Go Here to Order Online: RxRealness.com

How would one go about adding checks for the omission of http:// ?

Only things that hit were: bayes, base64 raw and drugs_erctile by the way.

Niek

Re: Evading URI checks

Posted by Loren Wilton <lw...@earthlink.net>.

> > Go Here to Order Online: RxRealness.com
>
> > How would one go about adding checks for the omission of http:// ?
>
> It's something the SA developers have already considered, but it
> may be too resource intensive to check for every possible domain
> that doesn't have a URI method.  Does this give spammers a way to
> advertise their domains without detection?  Sure it does, but it
> also means they can't use clickable links, which may decrease
> their response rates.

Its also not all that useful., at least in that particular spammer's case.
I got one of those somewhat after the OP mentioned his.  Mine scored 19.2
without any network checks.

        Loren

Re: Re: Evading URI checks

Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.

Hi!

>> Go Here to Order Online: RxRealness.com
>
>> How would one go about adding checks for the omission of http:// ?
>
>> Only things that hit were: bayes, base64 raw and drugs_erctile by the way.

> may be too resource intensive to check for every possible domain
> that doesn't have a URI method.  Does this give spammers a way to
> advertise their domains without detection?  Sure it does, but it
> also means they can't use clickable links, which may decrease
> their response rates.

X-Prolocation-MailScanner-SpamCheck: spam, SpamAssassin (score=11.019,
     required 5, BAYES_00 -2.60, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 4.26,
     URIBL_OB_SURBL 3.21, URIBL_SBL 4.26, URIBL_WS_SURBL 1.46)

Uhm, running the latest CVS version on SA, and it does tackle them.

Bye,
Raymond.

Re: Evading URI checks

Posted by Jeff Chan <je...@surbl.org>.

On Saturday, May 14, 2005, 6:21:24 PM, Niek wrote:
> Today I got some spams which evaded URI checks like this:

> Go Here to Order Online: RxRealness.com

> How would one go about adding checks for the omission of http:// ?

> Only things that hit were: bayes, base64 raw and drugs_erctile by the way.

> Niek

It's something the SA developers have already considered, but it
may be too resource intensive to check for every possible domain
that doesn't have a URI method.  Does this give spammers a way to
advertise their domains without detection?  Sure it does, but it
also means they can't use clickable links, which may decrease
their response rates.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/