Arvid Ephraim Picciani writes:
> Hi,
> seems that spammers are leaving encoding characters in the urls to make SA
> unable to parse it. my mailprogram (kmail currently) displays those urls
> _without_ the leftovers.
> http://rafb.net/p/S95P6c12.html
> i suggest taking this kind of obfuscation as a sign for spam (ie it should be
> in the default ruleset)
works for me:
Content analysis details: (14.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[82.56.63.78 listed in zen.spamhaus.org]
0.5 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
1.6 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[82.56.63.78 listed in dnsbl.sorbs.net]
0.0 T_RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
0.0 T_RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[82.56.63.78 listed in sbl-xbl.spamhaus.org]
2.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: oMUNGEDldbuild.cn]
2.0 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: oMUNGEDldbuild.cn]
0.0 T_HS_INDEX_PARAM_3 URI: T_HS_INDEX_PARAM_3
0.0 T_HS_INDEX_PARAM_0 URI: T_HS_INDEX_PARAM_0
0.0 T_HS_INDEX_PARAM_1 URI: T_HS_INDEX_PARAM_1
0.0 HS_INDEX_PARAM URI: Link contains a common tracker pattern.
0.0 T_HS_INDEX_PARAM_5 URI: T_HS_INDEX_PARAM_5
0.0 T_HS_INDEX_PARAM_4 URI: T_HS_INDEX_PARAM_4
0.0 T_HS_INDEX_PARAM_2 URI: T_HS_INDEX_PARAM_2
0.0 HTML_MESSAGE BODY: HTML included in message
2.7 MISSING_MIME_HB_SEP BODY: Missing blank line between MIME header and
body
0.1 RDNS_DYNAMIC Delivered to trusted network by host with
dynamic-looking rDNS
0.0 T_URIBL_BLACK_OVERLAP T_URIBL_BLACK_OVERLAP
0.3 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and HTML
1.2 AWL AWL: From: address is in the auto white-list
what is the URL you think it's missing?
--j.
