I'm not sure it's actually obfuscated though?? It seems to be a valid URL, I mean in terms of it existing in DNS as-is, and in terms of it working (click on it and it takes you to the spammer's site). I actually didn't know you could use <>[] characters in a domain name, but I guess you can - this one works anyway. In any case, the question would be whether or not there are, or should be, any rules to detect a URL with <>[] characters in it - I think it would be pretty easy to write such a rule if necessary, but would there be any chance of FPs as a result? I dunno what the RFCs say about the usage of such characters in a sub-domain...
Cheers, Jeremy "Loren Wilton" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] >>> Do you need rules for them? It looks like URIBL was able to pick >>> it up fine. >> >> Yes, but I want enough points to push it over the automatic-discard >> threshhold. An extra point or two for that form of obfuscation would >> be welcome (to me, at least). > > I wrote a rule against those sort of things about a month back. I don't > recall just off the top of my head what the masscheck results were, but I > don't recall them being real impressive at the time. Possibly I concluded > that the rule wasn't quite correct and was having problems hitting nearby > html entities. > > Loren
