On Wed, 27 Feb 2008, JP Kelly wrote:
>it seems like they could/should be caught but they often have very low
scores.
>they all have yahoo.co.uk in the from address
In and of itself, "yahoo.co.uk" in the From isn't too helpful, unless you
know you'll never get anything legit from there, then you could write a rule
for it.
The main thing that stands out (to me) is the China TLD in the URL.
We block all those on sight (unless they're in the recipient's domain skip
list - so far, none of my users have any China TLDs in theirs).
Perhaps one of the regex gurus will whip you up a rule. :)
Is there anything else that stands out in these?
- "Chip"
