On Thu, 8 May 2008, Benny Pedersen wrote:
On Thu, May 8, 2008 17:29, John Hardin wrote:
Why worry about where the URI is trying to point if it's so obviously
obfuscated?
to get more data to bayes
Bayes isn't going to parse a URI as a URI anyway, is it? It just tokenizes
the message. Bayes will pick up the domain name string if it's delimited
by {} as readily as it will if it's delimited by //.
To clarify: why bother trying to deobfuscate the URI and figure out what
domain it's really pointing at, so that domain can be checked against
URIBL lists, if the form of the obfuscation is obvious and not seen in
legitimate emails? Why not just give that obfuscation four or five points
and be done with it?
If that formatting *was* seen in legitimate emails, then I would say that
it's important the URI parsers be aware of it.
Can you provide any pointers to documentation of that formatting? I didn't
find any in a quick gargle.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[EMAIL PROTECTED] FALaholic #11174 pgpk -a [EMAIL PROTECTED]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The real opiate of the masses isn't religion; it's the belief that
somewhere there is a benefit that can be delivered without a
corresponding cost. -- Tom of "Radio Free NJ"
-----------------------------------------------------------------------
Today: the 63rd anniversary of VE day
