Isn't the answer really to catch the unclickable link... Namely,

/<A HREF.*><\/A>/

As suggested in the link he gave? Granted I haven't tried this as a regex and it probably has holes, but it doesn't seem normal to have a link that doesn't give the option to click it. :)

Steven

-----Original Message-----
From: Chris Santerre [mailto:[EMAIL PROTECTED]
Sent: Friday, February 20, 2004 7:26 AM
To: 'John Hardin'; SpamAssassin list
Subject: RE: [Dshield] Incredible spam obfuscation (from MIMEDefang maillist)

> -----Original Message-----
> From: John Hardin [mailto:[EMAIL PROTECTED]
> Sent: Thursday, February 19, 2004 3:58 PM
> To: SpamAssassin list
> Subject: Re: [Dshield] Incredible spam obfuscation (from MIMEDefang maillist)
>
> On Thu, 2004-02-19 at 10:26, Jon R. Kibler wrote:
> >
> > http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020188.html
>
> > http://lists.roaringpenguin.com/pipermail/mimedefang/2004-February/020203.html
>
> Any rules to catch this trick?
>
> --
> John Hardin KA7OHZ

I saw this as a direct attempt to foil Bigevil and similar URL marking rules. Like Bayes poison (fodder) they are trying to mess up automated scripts from harvesting the correct URLs to blacklist. But I do these by hand, so I only pull out the legit URLs from these spam.

So the short answer is I've not seen a rule for this. But I do have the legit URLs in my Bigevil for the ones I do get.

Chris Santerre
System Admin and SA Custom Rules Emporium keeper
http://www.merchantsoverseas.com/wwwroot/gorilla/sa_rules.htm
'It is not the strongest of the species that survives, not the most intelligent, but the one most responsive to change.'
Charles Darwin
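
Added example, not part of the thread and not SpamAssassin code: one way to flag the "unclickable link" discussed above, assuming it means an anchor that has an href but no visible text or image. It uses Python's HTML parser instead of a regex so that lowercase tags, attributes split across lines and whitespace-only link text are also covered; the sample HTML and hostnames are constructed.

```python
from html.parser import HTMLParser


class EmptyAnchorFinder(HTMLParser):
    """Collect the href of every <a> element that renders nothing clickable."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.empty_hrefs = []
        self._href = None       # href of the anchor currently open, if any
        self._visible = False   # has the open anchor shown text or an image?

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._close_anchor()              # tolerate unclosed anchors
            self._href = dict(attrs).get("href")
            self._visible = False
        elif tag == "img" and self._href is not None:
            self._visible = True              # an image is clickable content

    def handle_data(self, data):
        # str.strip() also removes the no-break space produced by &nbsp;
        if self._href is not None and data.strip():
            self._visible = True

    def handle_endtag(self, tag):
        if tag == "a":
            self._close_anchor()

    def _close_anchor(self):
        if self._href is not None and not self._visible:
            self.empty_hrefs.append(self._href)
        self._href = None


def find_empty_anchors(html):
    """Return hrefs of anchors with no visible content, in document order."""
    finder = EmptyAnchorFinder()
    finder.feed(html)
    finder.close()
    finder._close_anchor()                    # anchor still open at end of input
    return finder.empty_hrefs


# Constructed sample: two empty decoy anchors, one text link, one image link.
SAMPLE = (
    '<p>Visit <A HREF="http://decoy.example/"></A>'
    '<a\n href="http://decoy2.example/"><b> </b></a>'
    '<a href="http://real.example/">our site</a> '
    '<a href="http://img.example/"><img src="x.gif"></a></p>'
)

if __name__ == "__main__":
    print(find_empty_anchors(SAMPLE))
```

The returned hrefs are the ones a URL-harvesting script could skip or score separately, leaving only links a reader can actually click.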
