I think your original solution is good enough. I'm testing it now. What
would you have to do to show the URI in the description?
On 11/10/2012 10:36 AM, John Hardin wrote:
On Sat, 10 Nov 2012, Marc Perkel wrote:
On 11/10/2012 8:57 AM, John Hardin wrote:
How much are you seeing these in real traffic?
I'm seeing a lot of these. They are coming from stolen Yahoo accounts
from back when Yahoo leaked their data base. They appear to come from
friends of mine.
Oh, good (for certain values of "good"). I've added those rules to my
sandbox so maybe they will perform well enough to be published.
Can you refine it so that there has to be something like at least 4
upper case characters in the URI to avoid false positives? For example.
http://WellsFargo.com ok
HttP: //WeLlSfaRgo.cOm not OK
Hrm. I'll have to think about that, that's fairly nontrivial.
If you are seeing specific domain names a lot then more rules like
URI_GOOG_MC could be written to catch them. Do they seem to
concentrate on some limited list of domain names (or variants like
stuff containing "google"), or are they all over the place? Feel free
to contact me offlist with a list of domain names and examples if they
seem to be limited...
--
Marc Perkel - Sales/Support
supp...@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
