ned at unixmail
Apr 17, 2012, 5:53 AM
Post #4 of 4
On 17/04/12 12:40, xTrade Assessory wrote:
> Ned Slider wrote:
>> On 17/04/12 11:54, joea wrote:
>>> Getting "scanned document", "pills" and stuff with a url of
>> Would emails with Russian URLs be legitimate in your organisation? Any
>> .ru URL gets 6pts here by default - no complaints yet.
> that certainly is not very nice. Electronic racism ...
Not at all, it is based purely on statistical analysis of my mail flow.
> even if the spam quote may be high, there are legitimate users which
> should not pay for that
I don't see any legitimate users here, I only see spam containing URIs
in the body ending in the tld .ru - YMMV
> specially when you analyze better and see that the origin often is US or
> others, the only use .ru services to send it out ...
I'm not suggesting blocking mail *from* .ru, I'm suggesting scoring
mails in SA with URIs in the body ending in .ru *if* you don't expect to
see such URIs in your regular mail flow.
> IMO when the domain and sender exist, not as known spammer or OR, you
> should not do that and better hang on to content analysis for
That's exactly what I am doing - content evaluation/scoring based on
statistical analysis of my own mail flow. A mail containing a URI ending
in .ru is a very good indicator of spam on my server so I score it
appropriately in SA. YMMV