[Mimedefang] Using MD to defeat spam with embedded far-east URI's

Kevin A. McGrail kmcgrail at peregrinehw.com
Sun Jul 20 20:49:00 EDT 2003


Honestly, I think this would be a good idea for a rule in SpamAssassin.
However, I wonder whether you are using some of the realtime blacklists for
SpamAssassin and the Razor feature because both of those could contribute to
that problem?

Have you configured your SpamAssassin to use Razor and perhaps looked into
any of the existing RBLs that SpamAssassin supports?

KAM



> I've been looking at my spam recently in the Quarantined directory
> and apart from the Nigerian guy who wants desperately to send me
> a million dollars, a pattern is appearing that appears not to be
> being caught which would give a higher hit rate of spam detection.
>
> Most if not all spam have URI's in them that resolve to
> Korean/Chinese/Taiwan
> DNS blocks. Although spamassassin has the 20_uri_tests.cf, this only
> checks against a static set of known words. New SPAM's are now using
> words like "\/iagra", "Teen/\ge" and the such to defeat SA. Clearly
> using a static defeat list in SA is not ideal.
>
> Although it's trivial to block the far-eastern domains relays sending
> emails to us, we don't seem to score URI's by DNS resolution against a
> fixed list or RBL for example.
>
> So my question is can this be done in MD easily? What it essentially
> entails would be a filter to shove into an array any URI's appearing
> in the body and then reverse resolve and check against a static block
> list (i.e. all far-eastern classes) or against RBL?
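
The check asked about in the quoted message, sketched as an added stand-alone Python example (not part of the thread, and not MIMEDefang or SpamAssassin code): collect the URI hosts from a body, resolve each one, and add score when an address falls inside a listed network block. The function names, the 2.0 points per hit, the documentation-range block list and the sample message and DNS answers are all assumptions constructed for illustration.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

# Constructed block list (RFC 5737 documentation ranges), standing in for the
# static list of network blocks the post wants to score against.
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/24")]
URI_RE = re.compile(r"""https?://[^\s<>"')]+""", re.IGNORECASE)

def extract_hosts(body):
    """Unique lower-cased hostnames of the http(s) URIs in body, in order seen."""
    hosts = []
    for uri in URI_RE.findall(body):
        try:
            host = urlsplit(uri).hostname
        except ValueError:  # malformed authority, e.g. unbalanced "["
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def resolve(host):
    """Default resolver: IPv4 addresses for host, empty list if lookup fails."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET)
    except (socket.gaierror, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})

def score_body(body, resolver=resolve, nets=BLOCKED_NETS, points=2.0):
    """Return (score, hits); each host resolving into a listed net adds points."""
    hits = []
    for host in extract_hosts(body):
        for addr in resolver(host):
            if any(ipaddress.ip_address(addr) in net for net in nets):
                hits.append((host, addr))
                break  # count each host once
    return points * len(hits), hits

# Constructed sample message and DNS answers so the example runs offline.
SAMPLE_BODY = ('Order <a href="http://Pills.example.com/buy?id=1">here</a>\n'
               "or http://198.51.100.7/x, unsubscribe: https://news.example.org/u")
SAMPLE_DNS = {"pills.example.com": ["192.0.2.55"],
              "198.51.100.7": ["198.51.100.7"],
              "news.example.org": ["203.0.113.9"]}

if __name__ == "__main__":
    print(score_body(SAMPLE_BODY, resolver=lambda h: SAMPLE_DNS.get(h, [])))
```

Because the lookup is passed in as `resolver`, a caching or timeout-bounded resolver can be substituted so a message with many URIs cannot stall the filter.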



