I was just working on some rules to catch the current crop of mal formed urls used to escape detection by solutions that extract urls from emails and compare them to known bad urls and I am wondering if spamassassin's patterns for extraction take this into account?
For instance: https:www.google.com/mail https:\/www.google.com/mail https:\\www.google.com/mail Will all work at getting you to gmail because the technical spec doesn't actually require \\ after the colon. Will spamassassin still extract and normalize the urls above? I was hoping to avoid digging through the source to find out. Rick