mouss wrote:
> Mike Cardwell wrote:
>
>> Just checking through my Spam folder and I came across a message that
>> contained this in the html:
>>
>> <censored example, Verizon won't let me send it>
>>
>> Yet, there was no mention of this obvious forgery in the spamassassin
>> rules which caught the email.
>>
>> How would you create a rule which matched when the anchor text is a url
>> which uses a different domain to the anchor href?
>
> this has been discussed a (very) long time ago. the outcome is that a
> mismatch also happens in legitimate mail.

Not just "happens", it happens quite a lot. Sometimes in nonspam the differences are easy to compensate for, like the link being to hosting.example.com but the anchor text being www.example.com. Other times it's difficult to compensate for, where they first send you to a link at their ESP, which then redirects you to the actual site. Some ESPs prefer to do this, either for billing (charge extra for clicks) or spam control reasons (if the sender violates the ToS, the ESP will disable the redirect, which isn't much, but it does prevent the sender from profiting at the ESP's expense). Regardless of reasons, senders tend to make the text match what your browser will show after the redirect occurs, not the ESP target in some totally different domain.
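
The comparison discussed in this thread, as an added Python example that is not part of the original posts and is not a SpamAssassin rule: it separates same-site differences and ESP redirects from a genuine href/anchor-text mismatch. The `ESP_REDIRECTORS` allowlist, the two-label `base_domain` heuristic and the sample HTML are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hypothetical allowlist of ESP click-redirect domains (constructed).
ESP_REDIRECTORS = {"esp-tracker.example"}
URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
# Constructed sample anchors: same site, ESP redirect, different domain, plain text.
SAMPLE = (
    '<a href="http://hosting.example.com/a">www.example.com</a>'
    '<a href="http://click.esp-tracker.example/r?id=1">http://www.example.com/sale</a>'
    '<a href="http://login.other.example/x">www.example.com</a>'
    '<a href="http://www.example.com/">Click here</a>'
)

def base_domain(host):
    # Naive: last two labels. A production check needs the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class AnchorCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None

def verdict(href, text):
    m = URL_IN_TEXT.search(text)
    host = urlsplit(href).hostname
    if not m or not host:
        return "skip"  # anchor text is not a URL, or href has no host to compare
    if base_domain(m.group(1)) == base_domain(host):
        return "match"  # e.g. hosting.example.com vs www.example.com
    return "esp_redirect" if base_domain(host) in ESP_REDIRECTORS else "mismatch"
def classify(html):
    parser = AnchorCollector()
    parser.feed(html)
    return [(h, t, verdict(h, t)) for h, t in parser.anchors]
```

Only the `mismatch` verdict is a candidate for scoring; an allowlist like this can only cover redirectors that are already known, which is the hard case described above.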