On 8/15/2012 12:57 PM, dar...@chaosreigns.com wrote:
On 08/15, Jim Schueler wrote:
the attached. �All share a common marker of embedding a text url within an
HTML <a> tag containing a different URL. �This seems like an obvious
marker for spam, I wonder why there isn't a rule for it.
There is a rule. It hits 10x as much non-spam as spam:
ruleqa.spamassassin.org/?rule=%2Fspoofed_url
There was some work on improving it:
http://osdir.com/ml/users-spamassassin/2011-10/msg00237.html
It didn't work out:
http://osdir.com/ml/users-spamassassin/2011-10/msg00304.html
Feel free to try to do better.
Thanks for finding this. I also have some analysis somewhere on my
corpus though I doubt it would be different excepting that your corpus
likely doesn't include emails with images so it's a bit skewed the other
direction as that likely blocks the advertising tracker companies.
Regards,
KAM
