On Mon, 21 Nov 2016, Matus UHLAR - fantomas wrote:
On 20.11.16 19:46, Alex wrote:
Am I reading this rule wrong, or is the presence of a .info domain
enough to warrant a 2.8 score?
* 2.1 URI_NO_WWW_INFO_CGI URI: CGI in .info TLD other than third-level
"www"
<https://clientservices.ogletreedeakins.info/rs/vm.ashx?ct=24F76A1AD5E20AEDC1D180ACD125901ADFBE7BB3D38714D4CF371647BF8D90DDD78032>*
uri URI_NO_WWW_INFO_CGI
/^(?:https?:\/\/)?[^\/]+(?<!\/www)\.[^.]{7,}\.info\/(?=\S{15,})\S*\?/i
This particular email was scored at 5.30, and wouldn't have hit if it
didn't also hit SORBS, but such a score seemed quite high for just the
presence of a type of TLD.
It's not based only on the .info TLD:
1. TLD .info
2. no 'www'
3. third level domain
4. at least 6 characters 2nd-level domain
5. CGI script parameters.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
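
The conditions discussed in this thread can be checked by running the rule's pattern over a handful of URIs. This is an added example, not part of the thread or of SpamAssassin's own code: the pattern is copied from the message with Perl's /.../i translated to Python's re.IGNORECASE, the host and path of the first sample come from the quoted report, and the query value and all other URIs are constructed.

```python
import re

# Pattern copied from the thread; Perl's /.../i becomes re.IGNORECASE.
URI_NO_WWW_INFO_CGI = re.compile(
    r"^(?:https?:\/\/)?[^\/]+(?<!\/www)\.[^.]{7,}\.info\/(?=\S{15,})\S*\?",
    re.IGNORECASE,
)

# Host and path of the first entry come from the quoted report; the query
# value and every variant below are constructed for this example.
HOST = "clientservices.ogletreedeakins.info"
TAIL = "/rs/vm.ashx?ct=0123456789ABCDEF"
SAMPLES = {
    "reported shape": f"https://{HOST}{TAIL}",
    "upper-case scheme and TLD": f"HTTPS://CLIENTSERVICES.OGLETREEDEAKINS.INFO{TAIL}",
    "third level is www": f"https://www.ogletreedeakins.info{TAIL}",
    "no third level": f"https://ogletreedeakins.info{TAIL}",
    "6-char second level": f"https://clientservices.abcdef.info{TAIL}",
    "7-char second level": f"https://clientservices.abcdefg.info{TAIL}",
    "no '?' in path": f"https://{HOST}/rs/vm.ashx/0123456789ABCDEF",
    "fewer than 15 chars after host": f"https://{HOST}/a?b=1",
    "same shape under .com": f"https://clientservices.ogletreedeakins.com{TAIL}",
}


def rule_hits(uri: str) -> bool:
    """True when the URI would match URI_NO_WWW_INFO_CGI as written."""
    return URI_NO_WWW_INFO_CGI.search(uri) is not None


def evaluate(samples: dict) -> dict:
    """Map each sample label to whether the rule pattern matches it."""
    return {label: rule_hits(uri) for label, uri in samples.items()}


if __name__ == "__main__":
    for label, hit in evaluate(SAMPLES).items():
        print(f"{'HIT ' if hit else 'miss'}  {label}: {SAMPLES[label]}")
```

The 6- and 7-character rows show where the `[^.]{7,}` quantifier in the pattern draws the line for the second-level label.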