>...
>Does anyone have a geocities rule that catches most of the spams
>and has few FPs?
>
>Cheers,
>
>Jeff C.
>--
>Jeff Chan
>mailto:[EMAIL PROTECTED]
>http://www.surbl.org/
>
Do you want to block the general drug spam, the "SoftTab"/ED spam,
the porn, the penis enhancers or the stock pump&dumps (don't know if those
are Leo too)?
If you're already greylisting, most of the zombie spew will go
away. Raymond's recent rules and Loren/SARE's xx_LEO_xx rules help a bit
with the drug spam; And if you're not at the start of a run, all the digests
(e.g. DCC, Razor and Pyzor) help immensely - they do respond quicker than
the BLs (even SURBL - DCC is particularly quick to pick up the spam, and
for me at least, Pyzor picks up Leo better than it does on most other things).
Of course the DUL rules help too, but too many DSL and cable machines still
miss those.
The only non-net rule I haven't seen is a pattern match for Leo's
favorite ED term /\bsoft{0,2}\s?t?abs?\b/i (i.e. "SoftTabs" and variants);
I'm sure someone else could write a better expression and there are probably
other obfuscations I haven't seen - but this will only catch one type of
the spam, but the most common after the "table" drug spam. Another "product"
is /\blongz\b/i, but it seems barely pushed anymore.
Also, unfortunately I have seen examples from nearly every prefixed
geocities site (e.g. "uk", "de", "sg", "www", etc. - with "uk" by far the
most common). Also quite a few hit only a few rules, and only net rules at
that. Also, some of the newest ones are "image" spam with just random text,
practically impossible to catch except for the digests (though easy to learn
to recognize the large breasted nurse in the image - but that doesn't help
stop them).
Good luck,
Paul Shupak
[EMAIL PROTECTED]
