>... >>>... >>> Thoughts, anyone? >> >> Um... SA should already be treating email addresses in the body as >> URIs... Are you sure yours isn't looking up the offending domains >> agianst the URIBLs you're using? > >I don't believe that's accurate. I know Jeff C. argued that it "wasn't >what SURBL was intended for" so we ended up disabling it. > >Personally, I still think email address should be looked up. Either the >domain is bad or it isn't. > >http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4201 > > >Daryl >
Agreed. They are called URI rules, not URL rules. All URIs should be checked (including Message-IDs, and all other cases in RFC2396, RFC2483 and the new "Standards Track" RFC3986). Also note that URI types are IANA registered and a complete list of allocations is available at iana.org. NOTE: the issue of incomplete URIs is still an open problem (e.g. email addresses like [EMAIL PROTECTED] are not properly formated URIs, but an entry like mailto:[EMAIL PROTECTED] is). At least some of us use far more than just SURBL (and URIBL) for URI rules - very effective, though low scores are needed because of FPs, but multiple rule hits add up very quickly, even on brand new domains and spam runs with IP based BLs. BTW. The OP's example domains both appear to be Yambo Financials, though the second is hosted at Yahoo! (Yambo's favorite "free provider" to abuse). Paul Shupak [EMAIL PROTECTED]