Hii
I am using Spamassassin with URI, Razor and DCC checks to catch spams. After implementing URI checks my life had became easier. But ever since the SURBLs and URI checks became popular means of trapping spams the spammers have devised a ne way to send their mails in.
Recently some of the spams had started slipping in through my setup and as every spam that appeared in my boss's inbox my pant was on fire.
I found that earlier the urls in these spam mails were pointed to the ad servers or the spammer's website to request images or links. But in these mails that slipped in the links were of geocities.com or tripod or other free webhosting service providers.
Earlier I thought tht these links might be forged and actually might be pointing to some other spammers website, but these links actually point to geocities and on visiting the link u get HTML redirection to the spammers site.
As sample of such spam is as follows
If you can make a woman laugh you can do anything with her. http://www.geocities.com/brenda_paul_100/
So the question is how do we tackle this scenario. Either we blacklist free hosting sites like geocities.com in SURBL and get false positives, or we make a humble request to these free webhosting companies to stop new registrations and crack down on the ids and hope that the webhosting company will really do this or we find out an intermediate way, which i was trying to think of but couldn't make my grey cells work on it. So I am making my last resort. Asking the experts to help me out.
So how do we tackle this ?
regards Rakesh
