I think email addresses should be scored differently from urls. Clicking on an email address isn't going to take you to a site which auto-installs all manner of malware on your PC.
But these spams are still a nuisance - especially to us thankless admins who get enormous amounts of hassle from our end-users and management everytime spam slips through with a very low spamassassin score. Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: Daryl C. W. O'Shea [mailto:[EMAIL PROTECTED] > Sent: 10 March 2006 15:47 > To: Matt Kettler > Cc: Randal, Phil; users@spamassassin.apache.org > Subject: Re: Latest spammers' trick - email address in body > instead of url > > On 10/03/06 10:26 AM, Matt Kettler wrote: > > Randal, Phil wrote: > >> Hi folks, > >> > >> We're seeing increasing amounts of spam coming in which > the email's > >> body contains seemingly innocuous (but obviously irrelevant) text > >> plus an email address for more information. > >> > >> With no urls in the message, uribls are useless... > >> > >> Currently we've had spams with emails from <whoever> (AT) > >> nicerealmail .info and <whoever> (AT) marketez-bonds .net. > >> > >> Currently handling it by adding specific rules as we > encounter them, > >> but there has to be a better way of handling this. > >> > >> Anyone for emailbls? Or updating uribl to fire on > >> [EMAIL PROTECTED] email addresses in message bodies? > >> > >> Thoughts, anyone? > > > > Um... SA should already be treating email addresses in the body as > > URIs... Are you sure yours isn't looking up the offending domains > > agianst the URIBLs you're using? > > I don't believe that's accurate. I know Jeff C. argued that > it "wasn't what SURBL was intended for" so we ended up disabling it. > > Personally, I still think email address should be looked up. > Either the domain is bad or it isn't. > > http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4201 > > > Daryl >