Contents of /trunk/spamassassin_config/common/url_spam

# joy, 2003-06-29
body ORIENTSKY                  /orient-sky\.com/
describe ORIENTSKY              Japanese spam
score ORIENTSKY                 4

# joy, 2003-07-06
body PACHETES                   /www\.pachetes\.com/
describe PACHETES               Spanish spam
score PACHETES                  4

# cjwatson, 2003/07/12
body NO_MORE_ACCENT             /www\.no-more-accent\.com/
describe NO_MORE_ACCENT         No More Accent spam
score NO_MORE_ACCENT            4

# joy, 2003-08-15
header FETHARD                  Subject =~ /fethard.biz/i
describe FETHARD                Spam from Fethard.biz
score FETHARD                   4

# joy, 2003-10-21, 2003-10-31
body PHARMACYSPAM3      /http:\/\/www\.rx(salenow|ville)\.biz/i
describe PHARMACYSPAM3  pharmacy spam 3
score PHARMACYSPAM3     4

# cjwatson, 2004-01-13
# blarson, any number 2004-04-01
# blarson, more ajustmets 2004-04-03
body HREF_NNNN          /www\.\d{3,5}hosting\.com/
describe HREF_NNNN      www.NNNNhosting.com spam
score HREF_NNNN         3

# cjwatson, 2004-02-16
body SOCCER_MOMS        /www\.soccer-moms\.biz/
describe SOCCER_MOMS    Porn spam
score SOCCER_MOMS       4

# cjwatson, 2004-02-22
body MRSM_TILO          /mrsm-tilo\.com/
describe MRSM_TILO      Medical spam
score MRSM_TILO         4

# cjwatson, 2004-02-27
body FAST_ACTING        /fast-acting\.com/
describe FAST_ACTING    Viagra spam
score FAST_ACTING       4

# blarson 2004-04-04
body COMCLICKPH         /com-click\.com\.ph/
describe COMCLICKPH     PH spam gang
score COMCLICKPH        4

# blarson 2004-05-01
body MEDS675            /(675meds|medsarergreat)\.com/i
describe MEDS675        More drug spam
score MEDS675           3

# blarson 2004-04-30
body ERHOME             /erhome\.com/i
describe ERHOME         loan spammer
score ERHOME            3

# blarson 2005-04-27
body CANDYHOS           /\.(?:candyhos\.com|(?:mycountry|polty|make4u)\.cc|puchiphoto\.org|purepure\.org)\//i
describe CANDYHOS       spams from korea, hosts in japan
score CANDYHOS          5

# blarson 2005-12-08
body GEOCITIES          /http\:\/\/.*geocities/i
describe GEOCITIES      geocities url
score GEOCITIES         1.6

# blarson 2005-12-24
body EMPTYURL           /\bhttp:\/\/(?:www\.)?$/i
describe EMPTYURL       empty URL
score EMPTYURL          1.5

# blarson 2006-02-06
body AMPRO              /www\.amateurprovideo\.info/i
describe AMPRO          bug submitting spammer
score AMPRO             5

# blarson 2007-04-03
body IMAGESHACK         /\/img\d+\.imageshack\.us\//i
describe IMAGESHACK     shack attack
score IMAGESHACK        3.5


# dla 2007-04-03
header MSOUTLOOK        x-mailer =~ /Microsoft\s+Outlook/i
describe MSOUTLOOK      Microsoft Outlook
score   MSOUTLOOK       0

meta SHACKOUTLOOK       IMAGESHACK && MSOUTLOOK
describe SHACKOUTLOOK   shack'ed to outlook
score SHACKOUTLOOK      2

# blarson 2007-04-09
body UNSUBG             /\bwww\.guiaartistica\.com\.ar\b/
describe UNSUBG         spamming bts with unsubscribe messages
score UNSUBG            14

# blarson 2007-05-14
body IMGCLOSET          /\bhttp\:\/\/.*\b((image(closet|thrust|hosting)|mypicshare|tinypic|fileanchor|imgspot)\.com|bilder-hosting\.de|saunalahti\.fi|upload2\.net|imagehost\.ro)\b/i
describe IMGCLOSET      closet spammer
score IMGCLOSET         3.5

# blarson 2007-05-17
body TROUBLEDE          /\bhttp\:\/\/www\.TroubleAgent\.de\b/
describe TROUBLEDE      troubleagent.de spam
score TROUBLEDE         3.5

# don 2007-05-24
body BESTLOANS          /www.bestmortloans.com/i
describe BESTLOANS      Best loans url
score BESTLOANS         2

# blarson 2007-07-22 2007-09-12
body PENPRO             /\@(?:penmailpro|OnsetIng|openprotection|NearOut|SuperOnset|medicalgloveonline|YourOnset|GreatGloveCell)\.info\b/i
describe PENPRO         penmailpro spam
score PENPRO            3.5

# blarson 2007-09-05 2007-09-11
body WWWCN              /\b(?:www\.|https?\:.*)\w+\.cn\b/i
describe WWWCN          chinese web site
score WWWCN             3

# cjwatson, 2002/04/04
body EMAILOFFER                 /www\.emailoffer\.us/
describe EMAILOFFER             Gibberish HTML spammers
score EMAILOFFER                4.0

# cjwatson, 2002/04/08
body JUSTYAK                    /www\.JustYak\.com/
describe JUSTYAK                JustSpam
score JUSTYAK                   4.0

# blarson 2007-09-10
body SIZMATZ            /\bsize-matterz\.com\b/i
describe SIZMATZ        size matterz
score SIZMATZ           3

# blarson 2007-09-10
body EMAGX              /\bhttp\:\/\/emagx\.net\b/i
describe EMAGX          wondercum spammer
score EMAGX             3.5

# blarson 2007-09-13
body FREENFL            /\bhttp\:\/\/freeNFLtracker\.com\b/i
describe FREENFL        nfl spam
score FREENFL           3

# blarson 2007-09-13
body SPAMARREST         /\bhttp\:\/\/www\.spamarrest\.com\b/
describe SPAMARREST     forwards thier spam problem
score SPAMARREST        4

# blarson 2007-09-14
body FROMAD             /\bhttp\:\/\/(?:budhipps|fromad|conavel|cliensy|comnoe)\.com\b/i
describe FROMAD         more penis spam
score FROMAD            4

# blarson 2007-09-14
uridnsbl URIBL_CNKR     cn-kr.blackholes.us.    A
body    URIBL_CNKR      eval:check_uridnsbl('URIBL_CNKR')
describe URIBL_CNKR     china or korea hosted web site
tflags  URIBL_CNKR      net
score URIBL_CNKR        2.5

# blarson 2007-09-14
uridnsbl_skip_domain    debian.org debian.net

# blarson 2007-09-14
uridnsbl        URIBL_SBL       sbl.spamhaus.org.       A
body            URIBL_SBL       eval:check_uridnsbl('URIBL_SBL')
describe        URIBL_SBL       Contains an URL listed in the SBL blocklist
tflags          URIBL_SBL       net
#reuse          URIBL_SBL
score           URIBL_SBL       3.5

# blarson 2007-09-17
body MYCHEAP            /\b(?:my)?cheap(?:xp|adobe)?(?:oem|soft)(?:now|ware)?\s*\.\s*com\b/i
describe MYCHEAP        software spam
score MYCHEAP           4

# blarson 2007-09-16
body WWWRU              /\b(?:www\.|https?\:.*)\w+\.ru\b/i
describe WWWRU          russian web site
score WWWRU             2

# blarson 2007-09-24
body VIPSMS             /\bvipsms\.org\b/i
describe VIPSMS         vipsms.org
score VIPSMS            4

# don 2007-10-01
header MAKEUP           subject =~ /makeup\.com/i
describe MAKEUP         makeup.com url
score MAKEUP            3

# blarson 2007-10-04
body SUBT               /\bsubtracthold\.com\b/i
describe SUBT           subtracthold.com
score SUBT              4

body GRAPHICMAIL        /\bhttp\:\/\/www\.graphicmail\.de\b/i
describe GRAPHICMAIL    graphicmail.de
score   GRAPHICMAIL     4


body WWWRO              /\b(?:www\.|https?\:.*)\w+\.ro\b/i
describe WWWRO          romanian web site
score WWWRO             2

# blarson 2007-10-10
body CLEANDOM           /http\:\/\/\{_clean_domains\}/
describe CLEANDOM       broken spamware
score CLEANDOM          4

# blarson 2007-10-11
body SOFTNLSE           /\bsoftnlse\s*\.\s*com\b/i
describe SOFTNLSE       softnlse.com
score SOFTNLSE          4

# blarson 2007-10-13
body MUSVID             /\b(?:MusicAndVideoWorld|usa-bestsellers)\.com/i
describe MUSVID         MusicAndVideoWorld.com
score MUSVID            4

# blarson 2007-10-16
body PLATSOFT           /\btheplatinumsoft\.com\b/i
describe PLATSOFT       theplatinumsoft.com
score PLATSOFT          4

# blarson 2007-10-22
body BLOGSPOT           /\bblogspot\.com\b/i
describe BLOGSPOT       spammers are hosting on blogspot
score BLOGSPOT          2

# blarson 2007-10-25
body PILLUS             /PILL-US\.COM\b/i
describe PILLUS         PILL-US spam
score PILLUS            4

# blarson 2007-10-25
body BETWEENTO          /\bhttp\:\/\/betweento\.com\b/i
describe BETWEENTO      betweento.com
score BETWEENTO         4

# don 2007-10-25
body MASZON             /mc?a(szon|yvidol|ttk)\.(com|org|net)/i
describe MASZON         pron spam
score MASZON            4
1	# joy, 2003-06-29
2	body ORIENTSKY /orient-sky\.com/
3	describe ORIENTSKY Japanese spam
4	score ORIENTSKY 4
5
6	# joy, 2003-07-06
7	body PACHETES /www\.pachetes\.com/
8	describe PACHETES Spanish spam
9	score PACHETES 4
10
11	# cjwatson, 2003/07/12
12	body NO_MORE_ACCENT /www\.no-more-accent\.com/
13	describe NO_MORE_ACCENT No More Accent spam
14	score NO_MORE_ACCENT 4
15
16	# joy, 2003-08-15
17	header FETHARD Subject =~ /fethard.biz/i
18	describe FETHARD Spam from Fethard.biz
19	score FETHARD 4
20
21	# joy, 2003-10-21, 2003-10-31
22	body PHARMACYSPAM3 /http:\/\/www\.rx(salenow\|ville)\.biz/i
23	describe PHARMACYSPAM3 pharmacy spam 3
24	score PHARMACYSPAM3 4
25
26	# cjwatson, 2004-01-13
27	# blarson, any number 2004-04-01
28	# blarson, more ajustmets 2004-04-03
29	body HREF_NNNN /www\.\d{3,5}hosting\.com/
30	describe HREF_NNNN www.NNNNhosting.com spam
31	score HREF_NNNN 3
32
33	# cjwatson, 2004-02-16
34	body SOCCER_MOMS /www\.soccer-moms\.biz/
35	describe SOCCER_MOMS Porn spam
36	score SOCCER_MOMS 4
37
38	# cjwatson, 2004-02-22
39	body MRSM_TILO /mrsm-tilo\.com/
40	describe MRSM_TILO Medical spam
41	score MRSM_TILO 4
42
43	# cjwatson, 2004-02-27
44	body FAST_ACTING /fast-acting\.com/
45	describe FAST_ACTING Viagra spam
46	score FAST_ACTING 4
47
48	# blarson 2004-04-04
49	body COMCLICKPH /com-click\.com\.ph/
50	describe COMCLICKPH PH spam gang
51	score COMCLICKPH 4
52
53	# blarson 2004-05-01
54	body MEDS675 /(675meds\|medsarergreat)\.com/i
55	describe MEDS675 More drug spam
56	score MEDS675 3
57
58	# blarson 2004-04-30
59	body ERHOME /erhome\.com/i
60	describe ERHOME loan spammer
61	score ERHOME 3
62
63	# blarson 2005-04-27
64	body CANDYHOS /\.(?:candyhos\.com\|(?:mycountry\|polty\|make4u)\.cc\|puchiphoto\.org\|purepure\.org)\//i
65	describe CANDYHOS spams from korea, hosts in japan
66	score CANDYHOS 5
67
68	# blarson 2005-12-08
69	body GEOCITIES /http\:\/\/.*geocities/i
70	describe GEOCITIES geocities url
71	score GEOCITIES 1.6
72
73	# blarson 2005-12-24
74	body EMPTYURL /\bhttp:\/\/(?:www\.)?$/i
75	describe EMPTYURL empty URL
76	score EMPTYURL 1.5
77
78	# blarson 2006-02-06
79	body AMPRO /www\.amateurprovideo\.info/i
80	describe AMPRO bug submitting spammer
81	score AMPRO 5
82
83	# blarson 2007-04-03
84	body IMAGESHACK /\/img\d+\.imageshack\.us\//i
85	describe IMAGESHACK shack attack
86	score IMAGESHACK 3.5
87
88
89	# dla 2007-04-03
90	header MSOUTLOOK x-mailer =~ /Microsoft\s+Outlook/i
91	describe MSOUTLOOK Microsoft Outlook
92	score MSOUTLOOK 0
93
94	meta SHACKOUTLOOK IMAGESHACK && MSOUTLOOK
95	describe SHACKOUTLOOK shack'ed to outlook
96	score SHACKOUTLOOK 2
97
98	# blarson 2007-04-09
99	body UNSUBG /\bwww\.guiaartistica\.com\.ar\b/
100	describe UNSUBG spamming bts with unsubscribe messages
101	score UNSUBG 14
102
103	# blarson 2007-05-14
104	body IMGCLOSET /\bhttp\:\/\/.*\b((image(closet\|thrust\|hosting)\|mypicshare\|tinypic\|fileanchor\|imgspot)\.com\|bilder-hosting\.de\|saunalahti\.fi\|upload2\.net\|imagehost\.ro)\b/i
105	describe IMGCLOSET closet spammer
106	score IMGCLOSET 3.5
107
108	# blarson 2007-05-17
109	body TROUBLEDE /\bhttp\:\/\/www\.TroubleAgent\.de\b/
110	describe TROUBLEDE troubleagent.de spam
111	score TROUBLEDE 3.5
112
113	# don 2007-05-24
114	body BESTLOANS /www.bestmortloans.com/i
115	describe BESTLOANS Best loans url
116	score BESTLOANS 2
117
118	# blarson 2007-07-22 2007-09-12
119	body PENPRO /\@(?:penmailpro\|OnsetIng\|openprotection\|NearOut\|SuperOnset\|medicalgloveonline\|YourOnset\|GreatGloveCell)\.info\b/i
120	describe PENPRO penmailpro spam
121	score PENPRO 3.5
122
123	# blarson 2007-09-05 2007-09-11
124	body WWWCN /\b(?:www\.\|https?\:.*)\w+\.cn\b/i
125	describe WWWCN chinese web site
126	score WWWCN 3
127
128	# cjwatson, 2002/04/04
129	body EMAILOFFER /www\.emailoffer\.us/
130	describe EMAILOFFER Gibberish HTML spammers
131	score EMAILOFFER 4.0
132
133	# cjwatson, 2002/04/08
134	body JUSTYAK /www\.JustYak\.com/
135	describe JUSTYAK JustSpam
136	score JUSTYAK 4.0
137
138	# blarson 2007-09-10
139	body SIZMATZ /\bsize-matterz\.com\b/i
140	describe SIZMATZ size matterz
141	score SIZMATZ 3
142
143	# blarson 2007-09-10
144	body EMAGX /\bhttp\:\/\/emagx\.net\b/i
145	describe EMAGX wondercum spammer
146	score EMAGX 3.5
147
148	# blarson 2007-09-13
149	body FREENFL /\bhttp\:\/\/freeNFLtracker\.com\b/i
150	describe FREENFL nfl spam
151	score FREENFL 3
152
153	# blarson 2007-09-13
154	body SPAMARREST /\bhttp\:\/\/www\.spamarrest\.com\b/
155	describe SPAMARREST forwards thier spam problem
156	score SPAMARREST 4
157
158	# blarson 2007-09-14
159	body FROMAD /\bhttp\:\/\/(?:budhipps\|fromad\|conavel\|cliensy\|comnoe)\.com\b/i
160	describe FROMAD more penis spam
161	score FROMAD 4
162
163	# blarson 2007-09-14
164	uridnsbl URIBL_CNKR cn-kr.blackholes.us. A
165	body URIBL_CNKR eval:check_uridnsbl('URIBL_CNKR')
166	describe URIBL_CNKR china or korea hosted web site
167	tflags URIBL_CNKR net
168	score URIBL_CNKR 2.5
169
170	# blarson 2007-09-14
171	uridnsbl_skip_domain debian.org debian.net
172
173	# blarson 2007-09-14
174	uridnsbl URIBL_SBL sbl.spamhaus.org. A
175	body URIBL_SBL eval:check_uridnsbl('URIBL_SBL')
176	describe URIBL_SBL Contains an URL listed in the SBL blocklist
177	tflags URIBL_SBL net
178	#reuse URIBL_SBL
179	score URIBL_SBL 3.5
180
181	# blarson 2007-09-17
182	body MYCHEAP /\b(?:my)?cheap(?:xp\|adobe)?(?:oem\|soft)(?:now\|ware)?\s\.\scom\b/i
183	describe MYCHEAP software spam
184	score MYCHEAP 4
185
186	# blarson 2007-09-16
187	body WWWRU /\b(?:www\.\|https?\:.*)\w+\.ru\b/i
188	describe WWWRU russian web site
189	score WWWRU 2
190
191	# blarson 2007-09-24
192	body VIPSMS /\bvipsms\.org\b/i
193	describe VIPSMS vipsms.org
194	score VIPSMS 4
195
196	# don 2007-10-01
197	header MAKEUP subject =~ /makeup\.com/i
198	describe MAKEUP makeup.com url
199	score MAKEUP 3
200
201	# blarson 2007-10-04
202	body SUBT /\bsubtracthold\.com\b/i
203	describe SUBT subtracthold.com
204	score SUBT 4
205
206	body GRAPHICMAIL /\bhttp\:\/\/www\.graphicmail\.de\b/i
207	describe GRAPHICMAIL graphicmail.de
208	score GRAPHICMAIL 4
209
210
211	body WWWRO /\b(?:www\.\|https?\:.*)\w+\.ro\b/i
212	describe WWWRO romanian web site
213	score WWWRO 2
214
215	# blarson 2007-10-10
216	body CLEANDOM /http\:\/\/\{_clean_domains\}/
217	describe CLEANDOM broken spamware
218	score CLEANDOM 4
219
220	# blarson 2007-10-11
221	body SOFTNLSE /\bsoftnlse\s\.\scom\b/i
222	describe SOFTNLSE softnlse.com
223	score SOFTNLSE 4
224
225	# blarson 2007-10-13
226	body MUSVID /\b(?:MusicAndVideoWorld\|usa-bestsellers)\.com/i
227	describe MUSVID MusicAndVideoWorld.com
228	score MUSVID 4
229
230	# blarson 2007-10-16
231	body PLATSOFT /\btheplatinumsoft\.com\b/i
232	describe PLATSOFT theplatinumsoft.com
233	score PLATSOFT 4
234
235	# blarson 2007-10-22
236	body BLOGSPOT /\bblogspot\.com\b/i
237	describe BLOGSPOT spammers are hosting on blogspot
238	score BLOGSPOT 2
239
240	# blarson 2007-10-25
241	body PILLUS /PILL-US\.COM\b/i
242	describe PILLUS PILL-US spam
243	score PILLUS 4
244
245	# blarson 2007-10-25
246	body BETWEENTO /\bhttp\:\/\/betweento\.com\b/i
247	describe BETWEENTO betweento.com
248	score BETWEENTO 4
249
250	# don 2007-10-25
251	body MASZON /mc?a(szon\|yvidol\|ttk)\.(com\|org\|net)/i
252	describe MASZON pron spam
253	score MASZON 4