Hi SA Community

In the last couple of weeks, I have seen a massive increase in spam mails
which make use of Google site redirection and dodge all our attempts at
filtering.

That is, the Google redirector is about the only common thing in those
emails. Source IP, text content etc. are quite random.

Such an example URI looks like (two spaces added to prevent this
triggering other filters)

https://www.goo gle.com/url?q=https%3A%2F%2Fkissch 
icksrr.com%2F%3Futm_source%3DbDukb6xHEYDF2%26amp%3Butm_campaign%3DKirka2&sa=D&sntz=1&usg=AFQjCNGkpnVKLl8I1IP9aQXtTha-jCnt3A

google.com of course is whitelisted.

Creating a rule to match the string "google.com/url?q=" is also a no-go,
as this would create way too many false positives.

So if I could somehow extract the domain "kissch icksrr.com"
and check it against URI blacklists, we would probably solve that issue.

Has anyone already come up with a way to do that?

Kind regards

-Benoît Panizzon-
-- 
I m p r o W a r e   A G    -    Leiter Commerce Kunden
______________________________________________________

Zurlindenstrasse 29             Tel  +41 61 826 93 00
CH-4133 Pratteln                Fax  +41 61 826 93 01
Schweiz                         Web  http://www.imp.ch
______________________________________________________

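The extraction asked about above, as an added Python example that is not part of the original post and is not SpamAssassin code: it pulls the target out of a Google redirector link, follows nested redirector links (a generalization beyond the single case in the post), and returns the host that would then be queried against a URI blacklist. The redirector table, the depth limit and the sample URL are assumptions constructed for illustration; no blacklist lookup is performed.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: (host, path) of known redirectors -> parameters carrying the target.
REDIRECTORS = {("google.com", "/url"): ("q", "url")}
MAX_DEPTH = 5  # stop unwrapping redirector chains nested deeper than this

# Constructed sample in the shape of the URI from the post (placeholder domain).
SAMPLE = ("https://www.google.com/url?q=https%3A%2F%2Fspam.example.test%2F"
          "%3Futm_source%3Dabc%26amp%3Butm_campaign%3Dxyz"
          "&sa=D&sntz=1&usg=CONSTRUCTED")


def base_host(host):
    """Lower-case the host, drop a trailing dot and a leading 'www.'."""
    host = (host or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def redirect_target(uri):
    """Return the URL a known redirector link points to, or None."""
    parts = urlsplit(uri)
    params = REDIRECTORS.get((base_host(parts.hostname), parts.path))
    if parts.scheme not in ("http", "https") or not params:
        return None
    query = parse_qs(parts.query)  # parse_qs percent-decodes the values
    for name in params:
        if query.get(name):
            return query[name][0]
    return None


def final_host(uri):
    """Unwrap nested redirector links; return the host to check, or None."""
    for _ in range(MAX_DEPTH):
        target = redirect_target(uri)
        if target is None:
            break
        uri = target
    return base_host(urlsplit(uri).hostname) or None


if __name__ == "__main__":
    print(final_host(SAMPLE))
```

A link that is not a redirector, such as a plain Google search URL, comes back with its own host, so the existing whitelist still applies to it.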