Is it safe to use unbounded quantifiers like + and {2,} in uri rules? I avoid
them in regular body rules.
L
> -----Original Message-----
> From: Ben Lentz [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 09, 2008 10:56 PM
> To: users@spamassassin.apache.org
> Subject: Re: Googlepages & Livefilestore spams
>
>
> >> but this URI redirection stuff isn't very friendly
> >> >when used by a spammer.
> >>
> >
> > Ben, the key is the "btnI" param, which maps to the "I'm feeling
> lucky"
> > button.
> > This technique appeared last summer (I deployed my non-SA-based rule
> on
> > 03-Jul-2007).
>
> Thank you, this is very valuable. I wonder if Google will ever consider
> turning it off, since it's being abused.
>
> For now, I'm going with:
>
> uri GOOG_REDIR_SLASH
> m{^https?://(?:\w+\.)*google\.(com|co\.uk|tw)/{2,}search}
> score GOOG_REDIR_SLASH 1.0
> describe GOOG_REDIR_SLASH Google URL has extra slashes
> after domain
> uri GOOG_REDIR_LUCKY
> m{^https?://(?:\w+\.)*google\.(com|co\.uk|tw)/+search.*btnI}
> score GOOG_REDIR_LUCKY 3.0
> describe GOOG_REDIR_LUCKY Google URL uses I'm Feeling
> Lucky for blind redirect
> uri GOOG_PAGES
> m{^https?://(?:\w+\.)*googlepages\.(com|co\.uk|tw)}
> score GOOG_PAGES 2.0
> describe GOOG_PAGES URL hosted at GooglePages
>
>
> ...seems pretty safe.
