John D. Hardin wrote:
> On Tue, 3 Jul 2007, Matt wrote:
>> Why can't SpamAssassin do like a MD5 hash of any URLs in a
>> message and check them against a database? I just think it would
>> help catch things like: or
>> and etc.

> Too easy to defeat using a URI with random parameters pointing to a
> PHP et al. page that ignores parameters (assuming you include
> parameters in the hash) or via wildcard DNS using random third- or
> fourth-level hostnames.

Even the path could be made random if they use mod_rewrite or
equivalent. If always
serves up the contents of salespitch.html, they can generate as many
URLs as they want.

The concept might still be useful for specific known "grey" hosts with a
mix of legit sites and spam sites -- geocities, tripod, blogspot, etc. --
where the URL patterns are known. If you know the pattern is, or, then
throw away the rest of the URL and list/lookup the base pattern.

Kelson Vibber
SpeedGate Communications
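
The base-pattern lookup suggested above for mixed-reputation hosts, as an added example that is not part of the original message. The host names, their URL layouts, the listed entries and the sample URLs are all constructed for illustration; MD5 is used only because the thread proposes it as the lookup key.

```python
import hashlib
from urllib.parse import urlsplit

# Hypothetical "grey" hosts and where the account name sits in their URLs
# (assumed layouts for illustration, not taken from the original thread).
GREY_HOSTS = {
    "freepages.example": "path",       # http://freepages.example/<user>/...
    "bloghost.example": "subdomain",   # http://<user>.bloghost.example/...
}

def base_pattern(url):
    """Reduce a URL to its per-account base on a known grey host, else None."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    for grey, kind in GREY_HOSTS.items():
        if kind == "path" and host in (grey, "www." + grey):
            segs = [s for s in parts.path.split("/") if s]
            if segs:
                return f"{grey}/{segs[0]}/"
        elif kind == "subdomain" and host.endswith("." + grey):
            # Label directly left of the grey host; deeper labels are ignored.
            user = host[: -len(grey) - 1].split(".")[-1]
            if user and user != "www":
                return f"{user}.{grey}/"
    return None

def url_key(url):
    """MD5 of the base pattern on grey hosts, of the whole URL otherwise."""
    base = base_pattern(url)
    return hashlib.md5((base or url).encode("utf-8")).hexdigest()

def is_listed(url, listed_keys):
    return url_key(url) in listed_keys

# Constructed list entries and sample URLs.
LISTED = {url_key("http://freepages.example/pillz4u/"),
          url_key("http://cheapmeds.bloghost.example/")}
SAMPLES = [
    "http://freepages.example/pillz4u/x9f3/index.html?id=83711",  # random path
    "http://www.freepages.example/pillz4u/?r=abc",                # random query
    "http://cheapmeds.bloghost.example/2007/07/a1b2.html",
    "http://freepages.example/gardening/roses.html",   # other account, same host
    "http://a8f2.spamdomain.example/salespitch.html?x=1",  # not a grey host
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(is_listed(u, LISTED), u)
```

The last sample falls back to a whole-URL hash, so it shows the weakness raised earlier in the thread: any random hostname label, path or parameter yields a different key.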