On 10/03/12 20:27, sporkman wrote:
Generally it is easier to offer suggestions if examples are provided (on pastebin)
Here's the latest example: http://broomesol.com/upgrade.webmail.bway.net/main_login.htm Compare to our actual webmail login: https://webmail.bway.net/
This one is easy enough - if the latter is the only valid url that should ever appear in an email, create a meta rule that looks for a url containing bway.net (or even just bway or webmail or login etc), but isn't https://webmail.bway.net/.
Create meta rules for the common words you have identified. Link these with a rule such as __HAS_ANY_URI or some of your webmail based URI rules above.
What other rules commonly hit - are they sent from freemail accounts? Do they hit any DNSBL's?
Thanks, Charles
