On Thu, May 8, 2008 18:07, John Hardin wrote:
> Bayes isn't going to parse a URI as a URI anyway, is it?
i belived it did use that info olso
> It just tokenizes the message.
hopefully with url that confirm to rfc olso, but i see hte point where url is
obfu not to bother now when i think more about it
> Bayes will pick up the domain name string if it's delimited
> by {} as readily as it will if it's delimited by //.
yes got it now, i was just a bit blind on the hidded url in redir.html
> To clarify: why bother trying to deobfuscate the URI and figure out what
> domain it's really pointing at, so that domain can be checked against
> URIBL lists,
the hidded url could olso be a whitelisted domain
> if the form of the obfuscation is obvious and not seen in
> legitimate emails?
obfu is genricly a spam sign
> Why not just give that obfuscation four or five points
> and be done with it?
yep i will
> If that formatting *was* seen in legitimate emails, then I would say that
> it's important the URI parsers be aware of it.
yes, my fault not thinking that long here :/
> Can you provide any pointers to documentation of that formatting? I didn't
> find any in a quick gargle.
if i know what to search for i could :/
i just started this thread to be sure IE parse bug is not in sa aswell since i
could see domains not detecked in spam, but i got it now
Benny Pedersen
Need more webspace ? http://www.servage.net/?coupon=cust37098
