On Wed, 9 Jan 2008, Ben Lentz wrote:
>any other tips would be greatly appreciated. We obviously don't want to
>blanket block google, but this URI redirection stuff isn't very friendly
>when used by a spammer.
Ben, the key is the "btnI" param, which maps to the "I'm feeling lucky"
button.
This technique appeared last summer (I deployed my non-SA-based rule on
03-Jul-2007).
I have yet to see that trick occur in Ham, based on 6 months of data using
that rule, in several hundred thousand Hams.
Change your rule to focus on that specific token.
As John stated, the rule should match on any Google domain (I just spotted
one from google.tw yesterday - limitless potential there!).
I consider the Google "lucky" trick so potentially dangerous, I use a
complete kill score.
I do not see a legitimate use for it in Ham, and the risk of luring a
not-stupid user is excessively high.
Granted, someone COULD legitimately send such a link, but a block would fall
under natural selection. :)
On Wed, 9 Jan 2008, Loren Wilton wrote:
>Of course, they may hit on valid stuff too, assuming googlepages or
>livefilestore are every valid in the mail you get. So I wouldn't be
>inclined to score them over 2 or 3, at least to start with.
Thanks Loren (and John... and others)! :)
After the first Livefilestore appeared yesterday, I had no idea how to score
that, so I quickly checked Ham data from three representative domains (each
with about a dozen accounts). As long as I was doing that, figured I'd
check for the other big three nuisance free hosts.
Here's the total occurrences of each in Ham, for the period 01-Aug-2007 thru
this week:
[family domain] with total of 34,781 hams:
61 blogspot
16 geocities
- googlepages
- livefilestore
[Midwest small business] 9,991 hams:
13 blogspot
10 geocities
- googlepages
- livefilestore
[NYC small business] 49,444 hams:
82 blogspot
9 geocities
- googlepages
- livefilestore
Personally, I've set my own (geek domain) livefilestore score to 5.1, and am
using a range of 2.55 thru 3.83 for non-geek domains.
Based on the above data, I cranked up everyone's default GooglePages score
from 1.53 to 2.55 (note though that we all use RealName based pass rules, as
I outlined last summer, so I can safely be more aggressive than most of you).
- "Chip"
