>...
>>>...
>>> Thoughts, anyone?
>>
>> Um... SA should already be treating email addresses in the body as
>> URIs... Are you sure yours isn't looking up the offending domains
>> agianst the URIBLs you're using?
>
>I don't believe that's accurate. I know Jeff C. argued that it "wasn't
>what SURBL was intended for" so we ended up disabling it.
>
>Personally, I still think email address should be looked up. Either the
>domain is bad or it isn't.
>
>http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4201
>
>
>Daryl
>
Agreed. They are called URI rules, not URL rules. All URIs should
be checked (including Message-IDs, and all other cases in RFC2396, RFC2483
and the new "Standards Track" RFC3986). Also note that URI types are IANA
registered and a complete list of allocations is available at iana.org.
NOTE: the issue of incomplete URIs is still an open problem (e.g. email
addresses like [EMAIL PROTECTED] are not properly formated URIs, but an
entry like mailto:[EMAIL PROTECTED] is).
At least some of us use far more than just SURBL (and URIBL) for
URI rules - very effective, though low scores are needed because of FPs,
but multiple rule hits add up very quickly, even on brand new domains and
spam runs with IP based BLs.
BTW. The OP's example domains both appear to be Yambo Financials,
though the second is hosted at Yahoo! (Yambo's favorite "free provider"
to abuse).
Paul Shupak
[EMAIL PROTECTED]
