Hello,

We just got some "obvious" spam going through SA. This
mail does include a not-quite obfuscated URL, which is:

----------
L0we$t rate found right here:       
HTTP://WWW.cra3ybiz.com/st.asp
----------

Strange thing is that no URIBL rules are triggered.
But if we change HTTP to http, or WWW to www (or
both), those rules are properly triggered.

Since we are not (yet) SA-rules hackers, where should
we look to upgrade our rules locally to detect this
simple scheme?

Tia,

NB


        

        
                