> From: Raymond Dijkxhoorn [mailto:[EMAIL PROTECTED] > > > http://adserver.adtech.de/?adlink|2.0|340|436977|1|16|AdId=323398;BnId > > =1;link=target.com (where 'target.com' is the spammer site). > > Anybody know anything about this? > > I mailed their abuse dept but it seems they dont care. They > are abuse by spammers by running a open redirector. > > This is going on a short week now and sinc then we have > spotted a gazillion of them.
Is there a list somewhere? Better a file of them for SpamAssassin? Grep'ing my rules shows that 72_sare_redirect_post3.0.0.cf has a few for MSN, Yahoo, Google (and double Google) but there aren't that many and yours was (I believe) one without a rule. THANKS! > Its the same guys that also abused the zdnet.com, > internet.com and nate.com redirs (remember those?) > > I throw them out: > > uri PROLO_REDIR_ADTECH_CHECK1 /^http:\/\/adserver\.adtech\.de\// > score PROLO_REDIR_ADTECH_CHECK1 8.0 > describe PROLO_REDIR_ADTECH_CHECK1 PROLO_REDIR-ADTECH CHECK, Body I suggest a case-insensitive /i switch on the regex. Checking https:// , this site does not seem to support ssl (but that might not be true for all such relays.) -- Herb Martin