Hi! In most of the spam I receive at the moment there seems to be a link/text like:
http://www.domain.com/rid?=1142 Everything is (of course) base64 encoded - The main issue is to detect the .domain.[com|net|biz]/rid?[1-x digits] ... Is it possible to make a rule for this ? I have only seen it in spam, so I'm not concerned about false positives (at the moment).. Another "nice" thing would be if the system could check whether the mail originally was sent from an IP address in e.g. Brazil, China or Korea - and add appropriate score.. I'm not aware how the header-check is working, but I assume adding RBL check for e.g. china.blackholes.us would be the thing to do - but I assume this checks all IP adresses the mail has passed through - and not just the originating one ? Anyone ? /Brian ------------------------------------------------------- This SF.net email is sponsored by: Perforce Software. Perforce is the Fast Software Configuration Management System offering advanced branching capabilities and atomic changes on 50+ platforms. Free Eval! http://www.perforce.com/perforce/loadprog.html _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
