debian_pkg-listmaster/spamassassin_config/common/url_spam

# -*- mode: spamassassin -*-
# joy, 2003-06-29
body ORIENTSKY			/orient-sky\.com/
describe ORIENTSKY		Japanese spam
score ORIENTSKY			4

# joy, 2003-07-06
body PACHETES			/www\.pachetes\.com/
describe PACHETES		Spanish spam
score PACHETES			4

# cjwatson, 2003/07/12
body NO_MORE_ACCENT		/www\.no-more-accent\.com/
describe NO_MORE_ACCENT		No More Accent spam
score NO_MORE_ACCENT		4

# joy, 2003-08-15
header FETHARD			Subject =~ /fethard.biz/i
describe FETHARD		Spam from Fethard.biz
score FETHARD			4

# joy, 2003-10-21, 2003-10-31
body PHARMACYSPAM3	/http:\/\/www\.rx(salenow|ville)\.biz/i
describe PHARMACYSPAM3	pharmacy spam 3
score PHARMACYSPAM3	4

# cjwatson, 2004-01-13
# blarson, any number 2004-04-01
# blarson, more ajustmets 2004-04-03
body HREF_NNNN   	/www\.\d{3,5}hosting\.com/
describe HREF_NNNN	www.NNNNhosting.com spam
score HREF_NNNN		3

# cjwatson, 2004-02-16
body SOCCER_MOMS	/www\.soccer-moms\.biz/
describe SOCCER_MOMS	Porn spam
score SOCCER_MOMS	4

# cjwatson, 2004-02-22
body MRSM_TILO		/mrsm-tilo\.com/
describe MRSM_TILO	Medical spam
score MRSM_TILO		4

# cjwatson, 2004-02-27
body FAST_ACTING	/fast-acting\.com/
describe FAST_ACTING	Viagra spam
score FAST_ACTING	4

# blarson 2004-04-04
body COMCLICKPH		/com-click\.com\.ph/
describe COMCLICKPH	PH spam gang
score COMCLICKPH	4

# blarson 2004-05-01
body MEDS675		/(675meds|medsarergreat)\.com/i
describe MEDS675	More drug spam
score MEDS675		3

# blarson 2004-04-30
body ERHOME		/erhome\.com/i
describe ERHOME		loan spammer
score ERHOME		3

# blarson 2005-04-27
body CANDYHOS		/\.(?:candyhos\.com|(?:mycountry|polty|make4u)\.cc|puchiphoto\.org|purepure\.org)\//i
describe CANDYHOS	spams from korea, hosts in japan
score CANDYHOS		5

# blarson 2005-12-08
# don 2007-11-21 -- combine other rule; increment score
# don 2009-02-17 -- increase score even more; ditch http
uri GEOCITIES		/geocities/i
describe GEOCITIES	geocities uri
score GEOCITIES		3

# blarson 2005-12-24
body EMPTYURL		/\bhttp:\/\/(?:www\.)?$/i
describe EMPTYURL	empty URL
score EMPTYURL		1.5

# blarson 2006-02-06
body AMPRO		/www\.amateurprovideo\.info/i
describe AMPRO		bug submitting spammer
score AMPRO		5

# blarson 2007-04-03
body IMAGESHACK		/\/img\d+\.imageshack\.us\//i
describe IMAGESHACK	shack attack
score IMAGESHACK	3.5


# dla 2007-04-03
header MSOUTLOOK	x-mailer =~ /Microsoft\s+Outlook/i
describe MSOUTLOOK	Microsoft Outlook
score	MSOUTLOOK	0

meta SHACKOUTLOOK	IMAGESHACK && MSOUTLOOK
describe SHACKOUTLOOK	shack'ed to outlook
score SHACKOUTLOOK	2

# blarson 2007-04-09
body UNSUBG		/\bwww\.guiaartistica\.com\.ar\b/
describe UNSUBG		spamming bts with unsubscribe messages
score UNSUBG		14

# blarson 2007-05-14
body IMGCLOSET		/\bhttp\:\/\/.*\b((image(closet|thrust|hosting)|mypicshare|tinypic|fileanchor|imgspot)\.com|bilder-hosting\.de|saunalahti\.fi|upload2\.net|imagehost\.ro)\b/i
describe IMGCLOSET	closet spammer
score IMGCLOSET		3.5

# blarson 2007-05-17
body TROUBLEDE		/\bhttp\:\/\/www\.TroubleAgent\.de\b/
describe TROUBLEDE	troubleagent.de spam
score TROUBLEDE		3.5

# don 2007-05-24
body BESTLOANS		/www.bestmortloans.com/i
describe BESTLOANS	Best loans url
score BESTLOANS		2

# blarson 2007-07-22 2007-09-12
body PENPRO		/\@(?:penmailpro|OnsetIng|openprotection|NearOut|SuperOnset|medicalgloveonline|YourOnset|GreatGloveCell|thegloveworks|asiafriendworld|NaturalImprove|charmshine|healthinsweb)\.info\b/i
describe PENPRO		penmailpro spam
score PENPRO		3.5

# blarson 2007-09-05 2007-09-11 2009-04-12
body WWWCN		/\b(?:www\.|https?\:.*)(\w|-|\.)+\.cn\b/i
describe WWWCN		chinese web site
score WWWCN		3

# cjwatson, 2002/04/04
body EMAILOFFER			/www\.emailoffer\.us/
describe EMAILOFFER		Gibberish HTML spammers
score EMAILOFFER		4.0

# cjwatson, 2002/04/08
body JUSTYAK			/www\.JustYak\.com/
describe JUSTYAK		JustSpam
score JUSTYAK			4.0

# blarson 2007-09-10
body SIZMATZ		/\bsize-matterz\.com\b/i
describe SIZMATZ	size matterz
score SIZMATZ		3

# blarson 2007-09-10
body EMAGX		/\bhttp\:\/\/emagx\.net\b/i
describe EMAGX		wondercum spammer
score EMAGX		3.5

# blarson 2007-09-13
body FREENFL		/\bhttp\:\/\/freeNFLtracker\.com\b/i
describe FREENFL	nfl spam
score FREENFL		3

# blarson 2007-09-13
body SPAMARREST		/\bhttp\:\/\/www\.spamarrest\.com\b/
describe SPAMARREST	forwards thier spam problem
score SPAMARREST	4

# blarson 2007-09-14
body FROMAD		/\bhttp\:\/\/(?:budhipps|fromad|conavel|cliensy|comnoe|mybudshop)\.com\b/i
describe FROMAD		more penis spam
score FROMAD		4

# blarson 2007-09-17
body MYCHEAP		/\b(?:my)?cheap(?:xp|adobe)?(?:oem|soft)+(?:now|ware)?(?:(?:4|for)?less)?\d*\s*\.\s*com\b/i
describe MYCHEAP	software spam
score MYCHEAP		4

# blarson 2007-09-16
body WWWRU		/\b(?:www\.|https?\:.*)\w+\.ru\b/i
describe WWWRU		russian web site
score WWWRU		2

# blarson 2007-09-24
body VIPSMS		/\bvipsms\.org\b/i
describe VIPSMS		vipsms.org
score VIPSMS		4

# don 2007-10-01
header MAKEUP		subject =~ /makeup\.com/i
describe MAKEUP		makeup.com url
score MAKEUP		3

# blarson 2007-10-04
body SUBT		/\bsubtracthold\.com\b/i
describe SUBT		subtracthold.com
score SUBT		4

body GRAPHICMAIL	/\bhttp\:\/\/www\.graphicmail\.de\b/i
describe GRAPHICMAIL	graphicmail.de
score	GRAPHICMAIL	4


body WWWRO		/\b(?:www\.|https?\:.*)\w+\.ro\b/i
describe WWWRO		romanian web site
score WWWRO		2

# blarson 2007-10-10
body CLEANDOM		/http\:\/\/\{_clean_domains\}/
describe CLEANDOM	broken spamware
score CLEANDOM		4

# blarson 2007-10-11
body SOFTNLSE		/\bsoftnlse\s*\.\s*com\b/i
describe SOFTNLSE	softnlse.com
score SOFTNLSE		4

# blarson 2007-10-13
body MUSVID		/\b(?:MusicAndVideoWorld|usa-bestsellers)\.com/i
describe MUSVID		MusicAndVideoWorld.com
score MUSVID		4

# blarson 2007-10-16
body PLATSOFT		/\btheplatinumsoft\.com\b/i
describe PLATSOFT	theplatinumsoft.com
score PLATSOFT		4

# blarson 2007-10-22
body BLOGSPOT		/\bblogspot\.com\b/i
describe BLOGSPOT	spammers are hosting on blogspot
score BLOGSPOT		3

# blarson 2007-10-25
body PILLUS		/PILL-US\.COM\b/i
describe PILLUS		PILL-US spam
score PILLUS		4

# blarson 2007-10-25
body BETWEENTO		/\bhttp\:\/\/betweento\.com\b/i
describe BETWEENTO	betweento.com
score BETWEENTO		4

# don 2007-10-25
body MASZON		/mc?a(szon|yvidol|ttk)\.(com|org|net)/i
describe MASZON		pron spam
score MASZON		4


# blarson 2007-10-27
body GMAIL		/\@gmail\.com\b/i
describe GMAIL		@gmail.com
score GMAIL		1

# blarson 2007-10-28
body MAILRU		/\@mail\.ru\b/i
describe MAILRU		@mail.ru
score MAILRU		3

# blarson 2007-10-31
body ADOBE4LESS		/\b(?:adobe4less|realnewsoft|newmicrosoftdeals|kvaka-soft)\s*[.,]\s*com\b/i
describe ADOBE4LESS	adobe4less . com
score ADOBE4LESS	4

# blarson 2007-11-01
body RMAPPLY		/http\:\/\/rmapply\.com\b/i
describe RMAPPLY	http://rmapply.com
score RMAPPLY		4

# blarson 2007-11-04
header HANOIFASH	subject =~ /WWW\.HANOI-FASHION\.COM/i
describe HANOIFASH	WWW.HANOI-FASHION.COM
score HANOIFASH		4

# blarson 2007-11-06
body ONLINEMED		/\b(?:onlinemedicalkey|pharm\w*|webvinz|wendebay|webdcd|vowelstep|wclth|duringgear|broadbasic|instantsuffix|magnetdouble|drugsdirecteat)\s*\.\s*com\b/i
describe ONLINEMED	onlinemedicalkey.com
score ONLINEMED		4

# blarson 2007-11-15
body GETUP		/\bgetupgradednow\.com\b/i
describe GETUP		getupgradednow.com
score GETUP		4

# blarson (pusling's idea) 2007-11-16
body SPACECOM		/^[\w\d]+\s\.\scom\b/
describe SPACECOM	whatever . com
score SPACECOM		3

# don -- flowgoaway.com doesn't appear to be a working RBL anymore (if it ever was?)
# blarson 2007-11-20
# uridnsbl URIBL_FLO	flowgoaway.com.	A
# body	URIBL_FLO	eval:check_uridnsbl('URIBL_FLO')
# describe URIBL_FLO	web site in flowgoaway.com
# tflags	URIBL_FLO	net
# score URIBL_FLO		1

# blarson 2007-11-20
body SOFTROU		/\bwww\.softrou\.com\b/i
describe SOFTROU	www.softrou.com
score SOFTROU		3

# blarson 2007-11-20
body GOOGLEPAGES	/\bgooglepages\.com\b/i
describe GOOGLEPAGES	spammers use googlepages
score GOOGLEPAGES	2

# blarson 2007-12-07
body SOFTBESTGRAND	/\bsoft(?:bestgrand|wareonlinemuch)\.com\b/
describe SOFTBESTGRAND	softbestgrand.com
score SOFTBESTGRAND	4

# blarson 2007-12-10
body PCSOFTCHEAP	/\b(?:pcsoftcheap|cheapezsoft|cheapsoftxp|adobe4cheap|phonowa|saleonsoftware|bestdealoem|realcheapsoft|krasniyles|cheapxp4pc|supercheapoem|lowpriceoem|realcheapoem|cheapadobedeal|softwarefoundation|2008oem|xpxmas|cheap2008soft|snowysoftware|2008adobe|adobe2008|cheapgetsoftone|x(?:higher|main|prime)(?:soft|software|easy)|softonlinepc|andsoftware|softonlinedownload|kunchakoem|erhere\w|kiroemch|phonowd|cheap(?:soft|oem|software)here|softwarenowprox|xprosoftonlinedl|siniyglaz|popandosoem|xsoftprodepot|triudava|krasniynos|fastsoftnow|cheapeasy(soft|oem|software)|ezadobenow|softnowpromohere|primenetsofthe|nowinstantsoftieq|isktesoft|best(?:oem|soft|software)2008|new2008(?:soft|oem|software)|fastez(?:soft|oem|software)|ezfast(?:oem|soft|software)|2008(?:micro)?softdeals|oemfactorysale|nbuysoft|softnuhere|softsale2008|softwintersale|blatnoyoem|svedsoft|gsxoempromo|getmicrosoftfast|adobeoemsale|xp4(?:cheap|less)|xpoemnow|buycheapxp|alloem4less|lun(?:soft|oem|software)|(?:new|fast)xp(?:soft|oem|software)|frukanoka|softcheap(?:n[eo]w|xp)|adobe(?:web|blog|new)(?:soft|spot|deal))\s?\.\s?(?:com|net)\b/
describe PCSOFTCHEAP	pcsoftcheap. com
score PCSOFTCHEAP	4

# blarson 2007-12-11
body GOLDGAME		/\b(?:gamblingplacegold|goldgamesite|topgamingsite|richbestgaming|luxgoldgaming)\.(?:net|com)\b/
describe GOLDGAME	gambling sites
score GOLDGAME		4

# blarson 2007-12-14
body ENLARGETW		/\b(?:enlarge|0rz)\.tw\b/
describe ENLARGETW	enlarge.tw
score ENLARGETW		4

# blarson 2007-12-15
body POSTTHROUGH	/\b(?:postthrough|speedgrand|certaincoast)\.com\b/
describe POSTTHROUGH	postthrough.com
score POSTTHROUGH	4

# blarson 2007-12-25
body UHAVE		/\b(?:uhavepost|happy(?:santa)?|newyear|familypost|fresh|post)cards?-?(?:2008)?\.com\b/
describe UHAVE		uhavepostcard.com
score UHAVE		4

# blarson 2007-12-26
body RUSSWIFE		/\b(?:your|best|new|the|my)(?:russ[il]an?|address|russ)(?:wife|bride)\.info\b/
describe RUSSWIFE	yourrussianwife.info
score RUSSWIFE		4

# blarson 2007-12-31
body HAPPY2008		/\b(?:happy2008toyou|hellosanta2008|hohoho2008|santawishes2008)\.com\b/
describe HAPPY2008	happy2008toyou.com
score HAPPY2008		4

# blarson 2008-01-02
body BONGHIT		/\b(?:beaverbonghits|dobongworld)\.com\b/
describe BONGHIT	beaverbonghits.com
score BONGHIT		4

# blarson 2008-01-02
body GOOGLESEARCH	/\bgoo+gle\.(com|\w\w|com?\.\w\w)\/+(?:search|pagead)/i
describe GOOGLESEARCH	google search URL
score GOOGLESEARCH	2

# blarson 2008-01-02
body SIGAS		/\b(?:Sigashash|Reelhotsi|Erisgoonti|Erisgoners|Freesignsies|Rielhotties|Foredroons|Feeshoons|Erisgant|hapburge|wuimooed|jiuezdoo|goingoinghom|buloies|Poeshages|Rueshabesoo|clitoriseries|clitorina|glueplot|crumbtost|ideaputs)(?:\.|\=2E)com\b/
describe SIGAS		www.Sigashash.com
score SIGAS		4

# blarson 2008-01-05
body RUSSIABRIDE	/\bruss[il]an?(bride|wife)(?:home|live|blog|)\.info\b/
describe RUSSIABRIDE	russiabridehome.info
score RUSSIABRIDE	4

# blarson 2008-01-14
body REDMEHS		/\bwww\.(?:redmehs|feltas|barataslo|quasibot|tageshes|flessimo|spendhope|instrumentstart)\b/
describe REDMEHS	www.redmehs
score REDMEHS		4

# blarson 2008-01-15
body MYURL		/\bmyurl\.com\.tw\b/i
describe MYURL		myurl.com.tw
score MYURL		3

# blarson 2008-01-28
body W0MEN		/w0men\.info\b/i
describe W0MEN		hotw0men.info ukrw0men.info
score W0MEN		3

# blarson 2008-01-29
body ACEMST		/\bacemst\.com\b/
describe ACEMST		acemst.com
score ACEMST		3

# blarson 2008-02-01
body GALSINFO		/\b(?:foreigngals|californiaimprove)\.info\b/i
describe GALSINFO	foreigngals.info
score GALSINFO		3

# blarson 2008-02-06
body RIDGEST		/\bridgest\.com\b/
describe RIDGEST	ridgest.com
score RIDGEST		4

# blarson 2008-02-16
body SOFTROI		/\bsoft(?:roi|ove)\.com\b/
describe SOFTROI	softroi.com
score SOFTROI		4

# don 2008-02-23
body FILEZONE		/(file-zone.co.uk|File-Zone)/
describe FILEZONE	File-Zone
score FILEZONE		2

# blarson 2008-02-28
body X2J1F		/\b2j1f\.com\b/i
descrIbe X2J1F		2j1f.com
score X2J1F		4

# blarson 2008-02-28
body ILVE		/\bilveant\.net\b/i
describe ILVE		www.ilveant.net
score ILVE		4

# don 2008-03-04
body  VIDEOFILBMS	/www\.videofilbms\.cn/i
describe VIDEOFILBMS	video filbms url
score	 VIDEOFILBMS	4

# blarson 2008-03-05
body ABESOFT		/\bca.abesoft\.com\b/i
describe ABESOFT	www.cazabesoft.com etc.
score ABESOFT		4

# blarson 2008-03-06
body STARLEYT		/\bstarleyt\.com\b/i
describe STARLEYT	starleyt.com
score STARLEYT		4

# blarson 2008-03-07
body URLOEM		/\bhttp\:\/\/\{/
describe URLOEM		http://{urloem2}
score URLOEM		3

# blarson 2008-03-12
body WILDERGO		/\b(?:WilderGoLovan|golovable|BestGolova|SuperGolovaWorld)\.com\b/i
describe WILDERGO	WilderGoLovan.com
score WILDERGO		4

# don 2008-03-17
body PROGOLD		/\bprogold-inc\.com\b/i
describe PROGOLD	progold-inc.com
score PROGOLD		4

# blarson 2008-03-18
body KMINU		/\b(?:kminutte|rubstream)\.com\b/i
describe KMINU		kminutte.com
score KMINU		4

# don 2008-03-19
body SCIJOURNALS	/\bsciencejournals\.info\b/i
describe SCIJOURNALS	scientific journals
score SCIJOURNALS	4

# blarson 2008-03-19
body JANEHOT		/\bjane\d[\w\d]*\@hotmail\.com\s*$/
describe JANEHOT	jane*@hotmail.com
score JANEHOT		3

# blarson 2008-03-20
rawbody BIFUTRA		/\b(?:bifutra|veriapoli|xenifeao|toporaig|jieros|bifreca|werikine|incroomise|genbullenst|writeprovide)(?:\.|\=2E)com\b/
describe BIFUTRA	spammer web sites
score BIFUTRA		4

# don 2008-04-02
body LONGLINEURL	/^.{55,}\S\shttp:\/\/www\.\w+\.(?:com|net|org)\/\s*$/
describe LONGLINEURL	long line ending in a simple url
score LONGLINEURL	2

# don 2008-04-07
uri MYTHANKYOUURI	/www\.mythankyou\.com/i
describe MYTHANKYOUURI	www.mythankyou.com
score MYTHANKYOUURI	5

# blarson 2008-04-09
uri SAMEAS		/\bsupersameas\.com\b/
describe SAMEAS		supersameas.com
score SAMEAS		3

# blarson 2008-04-12
body URIEXE		/\bhttp:\S*\.exe\b/
describe URIEXE		.exe url
score URIEXE		3

# blarson 2008-04-24
uri SANSATION		/\b(?:sansationel|garmenys|iconaliste)\.com\b/i
describe SANSATION	sansationel.com
score SANSATION		4

# blarson 2008-05-04
body EQMEDS		/\beqmeds\b/i
describe EQMEDS		eqmeds
score EQMEDS		4

# blarson 2008-05-06
uri MYLIVE			/\bmylivegi\b/i
describe MYLIVE		mylivegirlx.com
score MYLIVE		4

# don 2008-05-26
body BROKENURL		/^\s*www((\s+\.\s*)|(\s*\.\+))\S+((\s+\.\s*)|(\s*\.\+))(com|net|org)\s*$/
describe BROKENURL	Broken url displayed
score BROKENURL		4

# don 2008-06-13
body STUPIDURL         /\w+\[\w+\](?:com|net|org)/
describe STUPIDURL     No one will guess that fooo[DOT]com is an URL!
score STUPIDURL	       2.5

# blarson 2008-06-16
body SUGARCOM		/\b(?:indicatesugar|industryexpect|eset)\.com\b/
describe SUGARCOM	indicatesugar.com
score SUGARCOM		4

# blarson 2008-07-22
body VIEWMOVIE		/\/(?:(?:viewmovie|stream|watchit|topnews|hotnews|fresh|checkit|default|gowatch|showvideo|livestreaming|top|whatsup|tophot|lol|first|index1|1)\.html\b|(?:video|news2\/)\s*$)/
describe VIEWMOVIE	tabiloid style spam
score VIEWMOVIE		3

# blarson 2008-07-22
uri OPERAMAIL		/\bwww\.opera\.com\/mail\//
describe OPERAMAIL	opera.com mail
score OPERAMAIL		1

# blarson 2008-08-09
body NOSITE		/http:\/\/\//
describe NOSITE		http URL with no site
score NOSITE		2

# don 2008-09-04
uri TIECORRECT		/tiecorrect\.com/
describe TIECORRECT	Contains a tiecorrect.com uri
score TIECORRECT	4

# don 2009-02-04
body FOURMINUTI		/4minuti/
describe FOURMINUTI	Spam from 4 minuti
score FOURMINUTI	3

# don 2009-02-09
uri CREDITREPORTURI	/creditreport/
describe CREDITREPORTURI Credit report in the url isn't good
score CREDITREPORTURI	 2

uri YAARIURI		 /yaari.com/i
describe YAARIURI	 Contains a yaari.com uri
score YAARIURI		 3

uri MALADIRET		 /maladiretaemails/
describe MALADIRET	 Contains a maladiret uri
score MALADIRET		 5

uri DEBRICOLAJE		 /debricolaje/i
describe DEBRICOLAJE	 Contains a debricolaje url
score DEBRICOLAJE	 6

# blarson 2009-05-02
uri	ISUISSE		/\bisuisse\.com/
describe ISUISSE	isuisse.com
score ISUISSE		4

# don 2010-03-16
uri EMAILSPARKLE	/emailsparkle.com/
describe EMAILSPARKLE	emailsparkle.com uri
score EMAILSPARKLE	4

# don 2011-10-3
uri MULTIPLYCOM		/multiply.com/
describe MULTIPLYCOM	multiply.com uri
score MULTIPLYCOM	3

# don 2012-1-9
uri OROUNRU		/oruon.ru/
describe OROUNRU	oruon.ru uri
score OROUNRU		4

# don 2012-03-07
uri HALFTONESYSTEMS	/halftonesystems.com/i
describe HALFTONESYSTEMS Links to halftonesystems.com
score HALFTONESYSTEMS 4

uri VISITPAGE /visit-?page.(com|org|net)/i
describe VISITPAGE Link to visit-page.com
score VISITPAGE 4