On Tue, 6 Apr 2010, Ned Slider wrote:
John Hardin wrote:
On Tue, 6 Apr 2010, Ned Slider wrote:
> uri LOCAL_URI_BITLY m{https?://bit\.ly/\w{6}}
> describe LOCAL_URI_BITLY contains bit.ly link
bit.ly is a legitimate URL-shortening service. Are you sure you want
to penalize them?
As I said, I use that rule in a meta rule combining with FROM_HOTMAIL.
You _also_ use it in a meta. The rule quoted above assigns one point (by
default) to any bit.ly URL, regardless of whether it appears in a message
received from hotmail.
Anyway, for *me* and with *my* mail flow - yes, I want to penalize
bit.ly in emails sent from hotmail.com, as they are without exception
spam. In fact I suspect we all penalize a lot of legitimate domains that
regularly appear in spam (abused by spammers).
That's likely true. No big deal, as it's not a poison pill; I was just
wondering whether you actually did intend to _always_ punish bit.ly URLs
or whether you omitted the __ by mistake.
Anyway, the purpose of my response was more to illustrate that Alex
could use a URI rule to match, rather that the rawbody rule he cited :)
True, and a good example.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Windows Genuine Advantage (WGA) means that now you use your
computer at the sufferance of Microsoft Corporation. They can
kill it remotely without your consent at any time for any reason;
it also shuts down in sympathy when the servers at Microsoft crash.
-----------------------------------------------------------------------
7 days until Thomas Jefferson's 267th Birthday
