Currently, there have e-mail spam that using typo url to bypass from domain blacklist.
I check both URIBL and SURBL, with the correct type and found the domain is in the lists.
Example:
Hi,
Vinagra - 3. 35
Vanlium - 1. 25
Cinalis - 3. 75
Amnbien - 2. 90
http://lodrx!com
Important, Replace "!" with "."
--
it, where it would be clearly visible to everyone in the Hall.
Anybody wishing to submit themselves as champion must write their name
and school clearly upon a slip of parchment and drop it into the
Hi,
Economize 50% on your medication with our site.
Impotant: Remove "%" to make the link working.
--
Trelawney kept predicting Harrys death, which he found extremely annoying.
You should have given it up like me, shouldnt you? said Hermione
briskly, buttering herself some toast. Then youd be doing something
Hi,
Pharmacy directly from the manufacturer, economize over 50 %
www.lodrx*.com - Remove "*" to make the link working!
--
that doesnt mean he cant still spot the real thing. Moody was the best
Auror the Ministry ever had.
So... what are you saying? said Harry slowly. Karkaroffs trying to
Here is the SpamAssassin rule to block this kind of e-mail
-
body <strong>__DRUG_RA_RM</strong> /(Remove|Replace)\s+\\"[\\*\\!\%]\\"/i
-
body <strong>__DRUG_RA_PRICE1</strong> /\\S{3}ra\\s*?\\$?3[,\\.]\\s*?35\b/i
-
body <strong>__DRUG_RA_URI1</strong> /[a-z][\\*\\!\\%][a-z]{1}\\.com/i
-
body <strong>__DRUG_RA_URI2</strong> /\\.[\\*\\!\\%]com/i
-
body <strong>__DRUG_RA_URI3</strong> /([a-z][\\*\\!\\%]\\.com|rx\\!com)/i
-
meta <strong>__DRUG_RA_PRICE</strong> (__DRUG_RA_PRICE1 || __DRUG_RA_URI1 || __DRUG_RA_URI2 || __DRUG_RA_URI3)
-
meta DRUG_RA_PRICE (__DRUG_RA_PRICE && __DRUG_RA_RM)
-
describe <strong>DRUG_RA_PRICE</strong> Drug spam