Arvid Ephraim Picciani writes: > Hi, > seems that spammers are leaving encoding characters in the urls to make SA > unable to parse it. my mailprogram (kmail currently) displays those urls > _without_ the leftovers. > http://rafb.net/p/S95P6c12.html > i suggest taking this kind of obfuscation as a sign for spam (ie it should be > in the default ruleset)
works for me: Content analysis details: (14.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [82.56.63.78 listed in zen.spamhaus.org] 0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL 1.6 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [82.56.63.78 listed in dnsbl.sorbs.net] 0.0 T_RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address 0.0 T_RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [82.56.63.78 listed in sbl-xbl.spamhaus.org] 2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist [URIs: oMUNGEDldbuild.cn] 2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist [URIs: oMUNGEDldbuild.cn] 0.0 T_HS_INDEX_PARAM_3 URI: T_HS_INDEX_PARAM_3 0.0 T_HS_INDEX_PARAM_0 URI: T_HS_INDEX_PARAM_0 0.0 T_HS_INDEX_PARAM_1 URI: T_HS_INDEX_PARAM_1 0.0 HS_INDEX_PARAM URI: Link contains a common tracker pattern. 0.0 T_HS_INDEX_PARAM_5 URI: T_HS_INDEX_PARAM_5 0.0 T_HS_INDEX_PARAM_4 URI: T_HS_INDEX_PARAM_4 0.0 T_HS_INDEX_PARAM_2 URI: T_HS_INDEX_PARAM_2 0.0 HTML_MESSAGE BODY: HTML included in message 2.7 MISSING_MIME_HB_SEP BODY: Missing blank line between MIME header and body 0.1 RDNS_DYNAMIC Delivered to trusted network by host with dynamic-looking rDNS 0.0 T_URIBL_BLACK_OVERLAP T_URIBL_BLACK_OVERLAP 0.3 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML 1.2 AWL AWL: From: address is in the auto white-list what is the URL you think it's missing? --j.