Hi, We received an email to undisclosed-recipients that contained a google redirect to an owl.ly site and another URL which appears to be a direct download of a PDF.
https://pastebin.com/raw/DekDzifK amavisd knew this single email was delivered to more than 40 recipients. Is there any way to benefit from that in spamassassin? This seems to be a common denominator with a lot of these. How much of a spam indicator is the google redirects? Can someone look at this redirect as part of the redirector_pattern along with __GOOG_REDIR? I also have a google redirect rule, and most mail it hits is already spam or bulk mail of some sort. Is T_DMARC_TESTS_FAIL or __DMARC_TESTS_FAIL reliable, and can we score against that? The links in the email are no longer a threat, but they're also not in any URIBL because it's abuse of trusted services. The owl.ly link somehow redirects to owl.li, a non-existent domain.
