You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Niek <ni...@asbak.coding-slaves.com> on 2005/05/15 03:21:24 UTC
Evading URI checks
Today I got some spams which evaded URI checks like this:
Go Here to Order Online: RxRealness.com
How would one go about adding checks for the omission of http:// ?
Only things that hit were: bayes, base64 raw and drugs_erctile by the way.
Niek
Re: Evading URI checks
Posted by Loren Wilton <lw...@earthlink.net>.
> > Go Here to Order Online: RxRealness.com
>
> > How would one go about adding checks for the omission of http:// ?
>
> It's something the SA developers have already considered, but it
> may be too resource intensive to check for every possible domain
> that doesn't have a URI method. Does this give spammers a way to
> advertise their domains without detection? Sure it does, but it
> also means they can't use clickable links, which may decrease
> their response rates.
Its also not all that useful., at least in that particular spammer's case.
I got one of those somewhat after the OP mentioned his. Mine scored 19.2
without any network checks.
Loren
Re: Re: Evading URI checks
Posted by Raymond Dijkxhoorn <ra...@prolocation.net>.
Hi!
>> Go Here to Order Online: RxRealness.com
>
>> How would one go about adding checks for the omission of http:// ?
>
>> Only things that hit were: bayes, base64 raw and drugs_erctile by the way.
> may be too resource intensive to check for every possible domain
> that doesn't have a URI method. Does this give spammers a way to
> advertise their domains without detection? Sure it does, but it
> also means they can't use clickable links, which may decrease
> their response rates.
X-Prolocation-MailScanner-SpamCheck: spam, SpamAssassin (score=11.019,
required 5, BAYES_00 -2.60, URIBL_AB_SURBL 0.42, URIBL_JP_SURBL 4.26,
URIBL_OB_SURBL 3.21, URIBL_SBL 4.26, URIBL_WS_SURBL 1.46)
Uhm, running the latest CVS version on SA, and it does tackle them.
Bye,
Raymond.
Re: Evading URI checks
Posted by Jeff Chan <je...@surbl.org>.
On Saturday, May 14, 2005, 6:21:24 PM, Niek wrote:
> Today I got some spams which evaded URI checks like this:
> Go Here to Order Online: RxRealness.com
> How would one go about adding checks for the omission of http:// ?
> Only things that hit were: bayes, base64 raw and drugs_erctile by the way.
> Niek
It's something the SA developers have already considered, but it
may be too resource intensive to check for every possible domain
that doesn't have a URI method. Does this give spammers a way to
advertise their domains without detection? Sure it does, but it
also means they can't use clickable links, which may decrease
their response rates.
Jeff C.
--
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/