Re: Bogus authorize.net statements

On 8/15/2012 12:57 PM, dar...@chaosreigns.com wrote: On 08/15, Jim Schueler wrote: the attached. �All share a common marker of embedding a text url within an HTML tag containing a different URL. �This seems like an obvious marker for spam, I wonder why there isn't a rule for it. Th

Re: Bogus authorize.net statements

On 08/15, Jim Schueler wrote: >the attached. �All share a common marker of embedding a text url within an >HTML tag containing a different URL. �This seems like an obvious >marker for spam, I wonder why there isn't a rule for it. There is a rule. It hits 10x as much non-spam as spam:

Re: Bogus authorize.net statements

Somewhat OT, but I'm getting SPF "fail" on all the bogus authorize.net spams I've seen. That should be enough to whack 'em. Regards, David.

Re: Bogus authorize.net statements

Okay, let me modify my suggestion, then: if you can detect where the displayed text for a link is a URL, and the domain name in that URL does not match the domain name in the href, then it might be useful. Does that seem more possible? Nope. Just look at millions of things sent by constant

Re: Bogus authorize.net statements

On 08/15/2012 06:09 PM, John Hardin wrote: On Wed, 15 Aug 2012, Kevin A. McGrail wrote: On 8/15/2012 11:35 AM, John Hardin wrote: On Wed, 15 Aug 2012, Jim Schueler wrote: > Is there such a rule? No, not at present. > Can I write one (I consider myself a bit of a Perl wonk)? Sure. Post

Re: Bogus authorize.net statements

On Wed, 15 Aug 2012, Kevin A. McGrail wrote: On 8/15/2012 11:35 AM, John Hardin wrote: On Wed, 15 Aug 2012, Jim Schueler wrote: > Is there such a rule? No, not at present. > Can I write one (I consider myself a bit of a Perl wonk)? Sure. Post it here and one of the rule committers can

Re: Bogus authorize.net statements

On 08/15/2012 06:01 PM, Kevin A. McGrail wrote: On 8/15/2012 11:35 AM, John Hardin wrote: On Wed, 15 Aug 2012, Jim Schueler wrote: Is there such a rule? No, not at present. Can I write one (I consider myself a bit of a Perl wonk)? Sure. Post it here and one of the rule committers can add

Re: Bogus authorize.net statements

On 8/15/2012 11:35 AM, John Hardin wrote: On Wed, 15 Aug 2012, Jim Schueler wrote: Is there such a rule? No, not at present. Can I write one (I consider myself a bit of a Perl wonk)? Sure. Post it here and one of the rule committers can add it to their sandbox for testing against the mas

Re: Bogus authorize.net statements

On Wed, 15 Aug 2012, Jim Schueler wrote: Is there such a rule? No, not at present. Can I write one (I consider myself a bit of a Perl wonk)? Sure. Post it here and one of the rule committers can add it to their sandbox for testing against the masscheck corpora. The problem with what you

Re: Bogus authorize.net statements

Is there such a rule? Can I write one (I consider myself a bit of a Perl wonk)? I understand that there are few, if any, markers that definitively define spam; and that's the beauty of the SpamAssassin architecture. -Jim On Wed, 15 Aug 2012, Kevin A. McGrail wrote: On 8/15/2012 11:06 AM,

Re: Bogus authorize.net statements

On 8/15/2012 11:06 AM, Jim Schueler wrote: Upon Kevin's recommendation, I upgraded. Big difference. 'Though there's a bit of a retuning penalty. Woohoo, I was right! All I did was flip a coin, though ;-) I get quite a few authorize.net notifications on behalf of variou