On Thu, 5 Jul 2007, Kelson wrote:

> > On Tue, 3 Jul 2007, Matt wrote:
> >
> >> Why can't Spamassassin do like a MD5 hash of any URL's in a
> >> message and check them against a database? I just think it would
> >> help catch things like: geocities.com/spamer123/ or
> >> spamer123.tripod.com and etc.

>
> The concept might still be useful for specific known "grey" hosts
> with a mix of legit sites and spam sites -- geocities, tripod,
> blogspot, etc. --where the URL patterns are known. If you know
> the pattern is account.example.com, or example.com/account, then
> throw away the rest of the URL and list/lookup the base pattern.


True. The plugin doing the analysis would have a list of domains and
slice points (how much of the URL to discard before hashing). I
presume the MD5 sum would be checked via a DNS lookup? That would be
the only way to get a reasonable response time for new URLs to block.

--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhardin@impsec.org FALaholic #11174 pgpk -a jhardin@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
If someone has a gun and is trying to kill you, it would be
reasonable to shoot back with your own gun.
-- the Dalai Lama, May 15, 2001
-----------------------------------------------------------------------
2 days until Robert Heinlein's 100th birthday