uri MY_EMAILINURL_1 /https?:([EMAIL PROTECTED])/i
Tim B wrote:
because a lot of spam contains some email address in an embedded uri that I'm seeing. I threw together this rule:
uri MY_EMAILINURL_1 /https?:([EMAIL PROTECTED])/i
describe MY_EMAILINURL_1 Contains what appears to be an Email Address in URL
score MY_EMAILINURL_1 1.5
basically it seems to work well as it searches for http or https an @ symbol and atleast two parts which may make up a domain.tld
I did it this way, because the email contained in the URL wasn't always the recipient, but often some sender, or someone that might get credit if the URL is clicked.
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
