Contents of /trunk/spamassassin_config/common/url_spam

# joy, 2003-06-29
body ORIENTSKY                  /orient-sky\.com/
describe ORIENTSKY              Japanese spam
score ORIENTSKY                 4

# joy, 2003-07-06
body PACHETES                   /www\.pachetes\.com/
describe PACHETES               Spanish spam
score PACHETES                  4

# cjwatson, 2003/07/12
body NO_MORE_ACCENT             /www\.no-more-accent\.com/
describe NO_MORE_ACCENT         No More Accent spam
score NO_MORE_ACCENT            4

# joy, 2003-08-15
header FETHARD                  Subject =~ /fethard.biz/i
describe FETHARD                Spam from Fethard.biz
score FETHARD                   4

# joy, 2003-10-21, 2003-10-31
body PHARMACYSPAM3      /http:\/\/www\.rx(salenow|ville)\.biz/i
describe PHARMACYSPAM3  pharmacy spam 3
score PHARMACYSPAM3     4

# cjwatson, 2004-01-13
# blarson, any number 2004-04-01
# blarson, more ajustmets 2004-04-03
body HREF_NNNN          /www\.\d{3,5}hosting\.com/
describe HREF_NNNN      www.NNNNhosting.com spam
score HREF_NNNN         3

# cjwatson, 2004-02-16
body SOCCER_MOMS        /www\.soccer-moms\.biz/
describe SOCCER_MOMS    Porn spam
score SOCCER_MOMS       4

# cjwatson, 2004-02-22
body MRSM_TILO          /mrsm-tilo\.com/
describe MRSM_TILO      Medical spam
score MRSM_TILO         4

# cjwatson, 2004-02-27
body FAST_ACTING        /fast-acting\.com/
describe FAST_ACTING    Viagra spam
score FAST_ACTING       4

# blarson 2004-04-04
body COMCLICKPH         /com-click\.com\.ph/
describe COMCLICKPH     PH spam gang
score COMCLICKPH        4

# blarson 2004-05-01
body MEDS675            /(675meds|medsarergreat)\.com/i
describe MEDS675        More drug spam
score MEDS675           3

# blarson 2004-04-30
body ERHOME             /erhome\.com/i
describe ERHOME         loan spammer
score ERHOME            3

# blarson 2005-04-27
body CANDYHOS           /\.(?:candyhos\.com|(?:mycountry|polty|make4u)\.cc|puchiphoto\.org|purepure\.org)\//i
describe CANDYHOS       spams from korea, hosts in japan
score CANDYHOS          5

# blarson 2005-12-08
body GEOCITIES          /http\:\/\/.*geocities/i
describe GEOCITIES      geocities url
score GEOCITIES         1.6

# blarson 2005-12-24
body EMPTYURL           /\bhttp:\/\/(?:www\.)?$/i
describe EMPTYURL       empty URL
score EMPTYURL          1.5

# blarson 2006-02-06
body AMPRO              /www\.amateurprovideo\.info/i
describe AMPRO          bug submitting spammer
score AMPRO             5

# blarson 2007-04-03
body IMAGESHACK         /\/img\d+\.imageshack\.us\//i
describe IMAGESHACK     shack attack
score IMAGESHACK        3.5


# dla 2007-04-03
header MSOUTLOOK        x-mailer =~ /Microsoft\s+Outlook/i
describe MSOUTLOOK      Microsoft Outlook
score   MSOUTLOOK       0

meta SHACKOUTLOOK       IMAGESHACK && MSOUTLOOK
describe SHACKOUTLOOK   shack'ed to outlook
score SHACKOUTLOOK      2

# blarson 2007-04-09
body UNSUBG             /\bwww\.guiaartistica\.com\.ar\b/
describe UNSUBG         spamming bts with unsubscribe messages
score UNSUBG            14

# blarson 2007-05-14
body IMGCLOSET          /\bhttp\:\/\/.*\b((image(closet|thrust|hosting)|mypicshare|tinypic|fileanchor|imgspot)\.com|bilder-hosting\.de|saunalahti\.fi|upload2\.net|imagehost\.ro)\b/i
describe IMGCLOSET      closet spammer
score IMGCLOSET         3.5

# blarson 2007-05-17
body TROUBLEDE          /\bhttp\:\/\/www\.TroubleAgent\.de\b/
describe TROUBLEDE      troubleagent.de spam
score TROUBLEDE         3.5

# don 2007-05-24
body BESTLOANS          /www.bestmortloans.com/i
describe BESTLOANS      Best loans url
score BESTLOANS         2

# blarson 2007-07-22 2007-09-12
body PENPRO             /\@(?:penmailpro|OnsetIng|openprotection|NearOut)\.info\b/i
describe PENPRO         penmailpro spam
score PENPRO            3.5

# blarson 2007-09-05 2007-09-11
body WWWCN              /\b(?:www\.|https?\:.*)\w+\.cn\b/i
describe WWWCN          chinese web site
score WWWCN             3

# cjwatson, 2002/04/04
body EMAILOFFER                 /www\.emailoffer\.us/
describe EMAILOFFER             Gibberish HTML spammers
score EMAILOFFER                4.0

# cjwatson, 2002/04/08
body JUSTYAK                    /www\.JustYak\.com/
describe JUSTYAK                JustSpam
score JUSTYAK                   4.0

# blarson 2007-09-10
body SIZMATZ            /\bsize-matterz\.com\b/i
describe SIZMATZ        size matterz
score SIZMATZ           3

# blarson 2007-09-10
body EMAGX              /\bhttp\:\/\/emagx\.net\b/i
describe EMAGX          wondercum spammer
score EMAGX             3.5

# blarson 2007-09-13
body FREENFL            /\bhttp\:\/\/freeNFLtracker\.com\b/i
describe FREENFL        nfl spam
score FREENFL           3

# blarson 2007-09-13
body SPAMARREST         /\bhttp\:\/\/www\.spamarrest\.com\b/
describe SPAMARREST     forwards thier spam problem
score SPAMARREST        4

# blarson 2007-09-14
body FROMAD             /\bhttp\:\/\/(?:budhipps|fromad|conavel|cliensy|comnoe)\.com\b/i
describe FROMAD         more penis spam
score FROMAD            4

# blarson 2007-09-14
uridnsbl URIBL_CNKR     cn-kr.blackholes.us.    A
body    URIBL_CNKR      eval:check_uridnsbl('URIBL_CNKR')
describe URIBL_CNKR     china or korea hosted web site
tflags  URIBL_CNKR      net
score URIBL_CNKR        2.5

# blarson 2007-09-14
uridnsbl_skip_domain    debian.org debian.net

# blarson 2007-09-14
uridnsbl        URIBL_SBL       sbl.spamhaus.org.       A
body            URIBL_SBL       eval:check_uridnsbl('URIBL_SBL')
describe        URIBL_SBL       Contains an URL listed in the SBL blocklist
tflags          URIBL_SBL       net
#reuse          URIBL_SBL
score           URIBL_SBL       3.5

# blarson 2007-09-17
body MYCHEAP            /\b(?:my)?cheap(?:oem|soft)(?:now)?\s*\.\s*com\b/i
describe MYCHEAP        software spam
score MYCHEAP           4

# blarson 2007-09-16
body WWWRU              /\b(?:www\.|https?\:.*)\w+\.ru\b/i
describe WWWRU          russian web site
score WWWRU             2

# blarson 2007-09-24
body VIPSMS             /\bvipsms\.org\b/i
describe VIPSMS         vipsms.org
score VIPSMS            4
1	don	2	# joy, 2003-06-29
2			body ORIENTSKY /orient-sky\.com/
3			describe ORIENTSKY Japanese spam
4			score ORIENTSKY 4
5
6			# joy, 2003-07-06
7			body PACHETES /www\.pachetes\.com/
8			describe PACHETES Spanish spam
9			score PACHETES 4
10
11			# cjwatson, 2003/07/12
12			body NO_MORE_ACCENT /www\.no-more-accent\.com/
13			describe NO_MORE_ACCENT No More Accent spam
14			score NO_MORE_ACCENT 4
15
16			# joy, 2003-08-15
17			header FETHARD Subject =~ /fethard.biz/i
18			describe FETHARD Spam from Fethard.biz
19			score FETHARD 4
20
21			# joy, 2003-10-21, 2003-10-31
22			body PHARMACYSPAM3 /http:\/\/www\.rx(salenow\|ville)\.biz/i
23			describe PHARMACYSPAM3 pharmacy spam 3
24			score PHARMACYSPAM3 4
25
26			# cjwatson, 2004-01-13
27			# blarson, any number 2004-04-01
28			# blarson, more ajustmets 2004-04-03
29			body HREF_NNNN /www\.\d{3,5}hosting\.com/
30			describe HREF_NNNN www.NNNNhosting.com spam
31			score HREF_NNNN 3
32
33			# cjwatson, 2004-02-16
34			body SOCCER_MOMS /www\.soccer-moms\.biz/
35			describe SOCCER_MOMS Porn spam
36			score SOCCER_MOMS 4
37
38			# cjwatson, 2004-02-22
39			body MRSM_TILO /mrsm-tilo\.com/
40			describe MRSM_TILO Medical spam
41			score MRSM_TILO 4
42
43			# cjwatson, 2004-02-27
44			body FAST_ACTING /fast-acting\.com/
45			describe FAST_ACTING Viagra spam
46			score FAST_ACTING 4
47
48			# blarson 2004-04-04
49			body COMCLICKPH /com-click\.com\.ph/
50			describe COMCLICKPH PH spam gang
51			score COMCLICKPH 4
52
53			# blarson 2004-05-01
54			body MEDS675 /(675meds\|medsarergreat)\.com/i
55			describe MEDS675 More drug spam
56			score MEDS675 3
57
58			# blarson 2004-04-30
59			body ERHOME /erhome\.com/i
60			describe ERHOME loan spammer
61			score ERHOME 3
62
63			# blarson 2005-04-27
64			body CANDYHOS /\.(?:candyhos\.com\|(?:mycountry\|polty\|make4u)\.cc\|puchiphoto\.org\|purepure\.org)\//i
65			describe CANDYHOS spams from korea, hosts in japan
66			score CANDYHOS 5
67
68			# blarson 2005-12-08
69			body GEOCITIES /http\:\/\/.*geocities/i
70			describe GEOCITIES geocities url
71			score GEOCITIES 1.6
72
73			# blarson 2005-12-24
74			body EMPTYURL /\bhttp:\/\/(?:www\.)?$/i
75			describe EMPTYURL empty URL
76			score EMPTYURL 1.5
77
78			# blarson 2006-02-06
79			body AMPRO /www\.amateurprovideo\.info/i
80			describe AMPRO bug submitting spammer
81			score AMPRO 5
82
83			# blarson 2007-04-03
84			body IMAGESHACK /\/img\d+\.imageshack\.us\//i
85			describe IMAGESHACK shack attack
86			score IMAGESHACK 3.5
87
88
89			# dla 2007-04-03
90			header MSOUTLOOK x-mailer =~ /Microsoft\s+Outlook/i
91			describe MSOUTLOOK Microsoft Outlook
92			score MSOUTLOOK 0
93
94			meta SHACKOUTLOOK IMAGESHACK && MSOUTLOOK
95			describe SHACKOUTLOOK shack'ed to outlook
96			score SHACKOUTLOOK 2
97
98			# blarson 2007-04-09
99			body UNSUBG /\bwww\.guiaartistica\.com\.ar\b/
100			describe UNSUBG spamming bts with unsubscribe messages
101			score UNSUBG 14
102
103			# blarson 2007-05-14
104			body IMGCLOSET /\bhttp\:\/\/.*\b((image(closet\|thrust\|hosting)\|mypicshare\|tinypic\|fileanchor\|imgspot)\.com\|bilder-hosting\.de\|saunalahti\.fi\|upload2\.net\|imagehost\.ro)\b/i
105			describe IMGCLOSET closet spammer
106			score IMGCLOSET 3.5
107
108			# blarson 2007-05-17
109			body TROUBLEDE /\bhttp\:\/\/www\.TroubleAgent\.de\b/
110			describe TROUBLEDE troubleagent.de spam
111			score TROUBLEDE 3.5
112
113			# don 2007-05-24
114			body BESTLOANS /www.bestmortloans.com/i
115			describe BESTLOANS Best loans url
116			score BESTLOANS 2
117
118	don	16	# blarson 2007-07-22 2007-09-12
119			body PENPRO /\@(?:penmailpro\|OnsetIng\|openprotection\|NearOut)\.info\b/i
120	don	2	describe PENPRO penmailpro spam
121			score PENPRO 3.5
122
123	don	13	# blarson 2007-09-05 2007-09-11
124			body WWWCN /\b(?:www\.\|https?\:.*)\w+\.cn\b/i
125	don	2	describe WWWCN chinese web site
126			score WWWCN 3
127
128			# cjwatson, 2002/04/04
129			body EMAILOFFER /www\.emailoffer\.us/
130			describe EMAILOFFER Gibberish HTML spammers
131			score EMAILOFFER 4.0
132
133			# cjwatson, 2002/04/08
134			body JUSTYAK /www\.JustYak\.com/
135			describe JUSTYAK JustSpam
136			score JUSTYAK 4.0
137
138	don	13	# blarson 2007-09-10
139			body SIZMATZ /\bsize-matterz\.com\b/i
140			describe SIZMATZ size matterz
141			score SIZMATZ 3
142
143			# blarson 2007-09-10
144			body EMAGX /\bhttp\:\/\/emagx\.net\b/i
145			describe EMAGX wondercum spammer
146			score EMAGX 3.5
147	don	16
148			# blarson 2007-09-13
149			body FREENFL /\bhttp\:\/\/freeNFLtracker\.com\b/i
150			describe FREENFL nfl spam
151			score FREENFL 3
152
153			# blarson 2007-09-13
154			body SPAMARREST /\bhttp\:\/\/www\.spamarrest\.com\b/
155			describe SPAMARREST forwards thier spam problem
156			score SPAMARREST 4
157
158			# blarson 2007-09-14
159			body FROMAD /\bhttp\:\/\/(?:budhipps\|fromad\|conavel\|cliensy\|comnoe)\.com\b/i
160			describe FROMAD more penis spam
161			score FROMAD 4
162
163			# blarson 2007-09-14
164			uridnsbl URIBL_CNKR cn-kr.blackholes.us. A
165			body URIBL_CNKR eval:check_uridnsbl('URIBL_CNKR')
166			describe URIBL_CNKR china or korea hosted web site
167			tflags URIBL_CNKR net
168			score URIBL_CNKR 2.5
169
170			# blarson 2007-09-14
171			uridnsbl_skip_domain debian.org debian.net
172
173			# blarson 2007-09-14
174			uridnsbl URIBL_SBL sbl.spamhaus.org. A
175			body URIBL_SBL eval:check_uridnsbl('URIBL_SBL')
176			describe URIBL_SBL Contains an URL listed in the SBL blocklist
177			tflags URIBL_SBL net
178			#reuse URIBL_SBL
179			score URIBL_SBL 3.5
180
181			# blarson 2007-09-17
182			body MYCHEAP /\b(?:my)?cheap(?:oem\|soft)(?:now)?\s\.\scom\b/i
183			describe MYCHEAP software spam
184			score MYCHEAP 4
185
186			# blarson 2007-09-16
187			body WWWRU /\b(?:www\.\|https?\:.*)\w+\.ru\b/i
188			describe WWWRU russian web site
189			score WWWRU 2
190
191	don	24	# blarson 2007-09-24
192			body VIPSMS /\bvipsms\.org\b/i
193			describe VIPSMS vipsms.org
194			score VIPSMS 4