On Mon, 13 Jul 2009, John Hardin wrote:
Why be restrictive on the domain name?

If  a conservative spec is sufficient to match the spam, then we're
helping avoid false positives.... I'd rather tweak the rule to
catch the new tricks of the spammer than overgeneralize. :)

The + signs are a little risky, it might be better to use {1,3} instead.

(nod) Though without the '/m' option it would be limited to the same line.
My thinking is that a spammer would quickly figure out to add more obfuscation, and there is little risk of a false positive occuring with
that kind of broad spacing and an xxx99 domain name....

And the older rule allowed for spaces in the TLD. I don't recall if anybody provided more than one spample with that though.

I've not seen it too much, though it doesn't hurt to keep it in the
rule. I actually added it back into my live rule after I posted....

To answer your next post, I don't use '\b' because the next 'trick' coming will likely be something looking like Xwww herenn comX... :)

- C

Reply via email to