I might fine tune it a bit.
I've only seen length 37 and 38 characters after the tld
It is only lower case hex codes so you can exclude (g-z)
I've seen lots of .info and a few .nets as additional tld.
Very active spammer here
(?i:href=.+\.(com|info|net)/[a-f0-9]{37,38}">)
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dave
Beckstrom
Sent: Tuesday, July 20, 2010 8:00 AM
To: [email protected]
Subject: [Declude.JunkMail] Regex to block this?
I'm getting hit by one spammer who manages to get through most of my
filters. His spam consistently uses the format of:
<a
href="http://gcc128.blinksroads.com/5768cbbeb6bba86c3157116a6de8e54b31dab5";>
<img src="http://gcc128.blinksroads.com/images/157286c08.jpg";....
How would I write a regex that would look for .com/ followed by a string of
garbage with no .htm or other web extension on the end?
---
[This E-mail scanned for viruses by Declude]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [email protected], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
---
[This E-mail scanned for viruses by Declude]
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [email protected], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
![http://gcc128.blinksroads.com/images/157286c08.jpg"](http://gcc128.blinksroads.com/images/157286c08.jpg"){kind=link}