http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5302
------- Additional Comments From [EMAIL PROTECTED] 2007-01-22 09:07 ------- I'm not 100% sure if it should... what about http://www.badsite*foo.com a spammer could register badsite.com, and count on MUAs recognising that URL (up to but not including the *), and appending ".com" to "http://www.badsite"; implicitly when the user attempts to click the URL. if we were to treat that as "www.badsitefoo.com", while the MUA/user treats it as "www.badsite", then we're going to be vulnerable to that trick. (btw it might be handy to attach a copy of the spam, fwiw.) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
