John Hardin wrote:
On Tue, 6 Apr 2010, Ned Slider wrote:
uri LOCAL_URI_BITLY m{https?://bit\.ly/\w{6}}
describe LOCAL_URI_BITLY contains bit.ly link
bit.ly is a legitimate URL-shortening service. Are you sure you want to
penalize them?
As I said, I use that rule in a meta rule combining with FROM_HOTMAIL.
Anyway, for *me* and with *my* mail flow - yes, I want to penalize
bit.ly in emails sent from hotmail.com, as they are without exception
spam. In fact I suspect we all penalize a lot of legitimate domains that
regularly appear in spam (abused by spammers).
Anyway, the purpose of my response was more to illustrate that Alex
could use a URI rule to match, rather that the rawbody rule he cited :)
