On Tue, 3 Jul 2007, Matt wrote:

> Why can't Spamassassin do like a MD5 hash of any URL's in a
> message and check them against a database? I just think it would
> help catch things like: geocities.com/spamer123/ or
> spamer123.tripod.com and etc.

Too easy to defeat using a URI with random parameters pointing to a
PHP et. al. page that ignores parameters (assuming you include
parameters in the hash) or via wildcard DNS using random third- or
fourth-level hostnames.

John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
It there a Special Olympics for terrorists going on in the UK this
week? -- Bruce Schneier, 07/02/2007
Tomorrow: The 231st anniversary of the Declaration of Independence