From: "Warren Togami" <wtog...@redhat.com>
Sent: Wednesday, 2009/September/30 21:40
uri T_CN_URL /[^\/]+\.cn(?:$|\/|\?)/i
describe T_CN_URL Contains a URL in the .cn domain
uri T_CN_8_URL /[\/.]+\w{8}\.cn(?:$|\/|\?)/i
describe T_CN_8_URL Contains a URL in the .cn domain of exactly 8
characters long
http://ruleqa.spamassassin.org/20090930-r820211-n/T_CN_URL/detail
Last night's masscheck. 63243 out of 124241 spam hits T_CN_URL, nearly
51%.
7263 T_CN_URL hits in 15517 spam corpus
7200 T_CN_8_URL hits in 15517 spam corpus
Does this make any sense? This is funny. Could someone add this rule to
the sandbox? I'm just curious.
Warren Togami
wtog...@redhat.com
I have to admire one thing about spammers. They respond very rapidly to
"threats" to their ability to break through spam protection software. You
became curious and mentioned this on the date above. Spammers are already
using <7 character names>.cn.
{^_-}
