>-----Original Message-----
>From: Rakesh [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, December 15, 2004 5:38 AM
>To: users@spamassassin.apache.org
>Subject: A change in tact
>
>
>Hi
>
>I am using Spamassassin with URI, Razor and DCC checks to catch spams.
>After implementing URI checks my life had become easier. But ever since
>the SURBLs and URI checks became popular means of trapping spams the
>spammers have devised a new way to send their mails in.
>
>Recently some of the spams had started slipping in through my setup and
>as every spam that appeared in my boss's inbox my pant was on fire.
>
>I found that earlier the urls in these spam mails were pointed to the ad
>servers or the spammer's website to request images or links. But in
>these mails that slipped in the links were of geocities.com or tripod or
>other free webhosting service providers.
>
>Earlier I thought that these links might be forged and actually might be
>pointing to some other spammer's website, but these links actually point
>to geocities and on visiting the link you get HTML redirection to the
>spammer's site.
>
>A sample of such spam is as follows
>
>If you can make a woman laugh you can do anything with her.
>http://www.geocities.com/brenda_paul_100/
>
>
>
>So the question is how do we tackle this scenario. Either we blacklist
>free hosting sites like geocities.com in SURBL and get false positives,
>or we make a humble request to these free webhosting companies to stop
>new registrations and crack down on the ids and hope that the webhosting
>company will really do this or we find out an intermediate way, which I
>was trying to think of but couldn't make my grey cells work on it. So I
>am making my last resort. Asking the experts to help me out.
>
>So how do we tackle this ?
>

This has been discussed. The simple answer is, a proxy lookup to SURBL. So squid checking SURBL listings for a URL before going to it. This way the redirect would die to a page saying "Blocked for spamming".

Geocities takes forever. I've been given a small corpus of this kind of spam. I'm trudging through it slowly. But I think I might be able to come up with a SA rule for it. Not sure yet.

Geocities could have a script to look for redirect code. If it is against their AUP to use this tactic...then they should clean the dog poop from their own backyard ;)

--Chris
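
The check discussed in this thread, looking up the site behind the free-hosting page's HTML redirect in SURBL rather than the hosting domain itself, sketched as an added example (not code from the thread, SpamAssassin or squid). Assumptions: all function names are hypothetical, the page body and resolver are constructed stand-ins so it runs offline, and the base domain is taken as the last two host labels.

```python
import re
import socket
from urllib.parse import urlparse

SURBL_ZONE = "multi.surbl.org"  # SURBL's combined list, queried over DNS

# Matches <meta http-equiv="refresh" content="0; url=..."> (the HTML redirect).
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
    r'content=["\']?\s*\d+\s*;\s*url=([^"\'>\s]+)', re.I)

def base_domain(url):
    """Assumption: last two host labels; real code needs a two-level-TLD list."""
    host = urlparse(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])

def surbl_listed(url, resolve=socket.gethostbyname):
    """True if <domain>.multi.surbl.org resolves to an address in 127.0.0.0/8."""
    try:
        return resolve(f"{base_domain(url)}.{SURBL_ZONE}").startswith("127.")
    except OSError:  # lookup failed (NXDOMAIN): the domain is not listed
        return False

def redirect_target(html):
    """Return the meta-refresh destination found in a page body, or None."""
    m = META_REFRESH.search(html)
    return m.group(1) if m else None

def verdict(url, html, resolve=socket.gethostbyname):
    """Check the mailed URL first, then the site its page redirects to."""
    if surbl_listed(url, resolve):
        return "blocked: mailed URL listed"
    target = redirect_target(html)
    if target and surbl_listed(target, resolve):
        return "blocked: redirect target listed"
    return "allowed"

# Constructed sample data: a free-hosting page redirecting to a listed domain.
SAMPLE_URL = "http://www.geocities.com/example_user/"  # placeholder path
SAMPLE_HTML = (
    '<html><head><meta http-equiv="refresh" '
    'content="0; url=http://spammer.example/buy"></head></html>')

def fake_resolve(name):
    """Stand-in resolver: only spammer.example is 'listed' in this example."""
    if name == "spammer.example." + SURBL_ZONE:
        return "127.0.0.2"
    raise socket.gaierror("NXDOMAIN")
```

Calling `verdict(SAMPLE_URL, SAMPLE_HTML, fake_resolve)` shows the hosting URL passing the lookup while the redirect destination is caught.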