From: Pedro David Marco
To: users@spamassassin.apache.org, Olivier Coutu
Date: Tue, 13 Mar 2018 20:51:44 +0000 (UTC)
Subject: Re: Dealing with links to malicious documents



>a) Link following
>Whether it is only for url shorteners or for all links, simulating a click could give us info on what will happen, but has implications when the website interprets that like a click from the user and updates their database in some way such as unsubscribing a user.

Be careful with one-time links!!!! Downloading only headers may be a good idea.

Another idea may be to download headers with different user-agents. If we get different responses.....


----
PedroD
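
The two ideas in this message (fetch only the headers, and repeat the fetch with different user-agents to see whether the responses differ), sketched as an added example that is not part of the original email. The User-Agent strings, the function names and the choice of compared headers are assumptions.

```python
import http.client
from urllib.parse import urlsplit

# Constructed sample User-Agent strings (assumptions, not from the message).
USER_AGENTS = {
    "browser": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/64.0 Safari/537.36",
    "scanner": "link-checker/1.0",
}
# Headers worth comparing; Date, Set-Cookie and similar vary on every request.
COMPARED = ("location", "content-type", "content-disposition")


def head_probe(url, user_agent, timeout=5):
    """Send one HEAD request: no body download, no redirect following."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path, headers={"User-Agent": user_agent})
        resp = conn.getresponse()
        fingerprint = {"status": resp.status}
        for name in COMPARED:
            fingerprint[name] = resp.getheader(name)  # None when absent
        return fingerprint
    finally:
        conn.close()


def differing_fields(results):
    """Return the fingerprint fields that are not identical across probes."""
    fields = ["status", *COMPARED]
    return [f for f in fields if len({r[f] for r in results.values()}) > 1]


def compare_user_agents(url, agents=USER_AGENTS):
    """Probe url once per User-Agent; return (results, differing fields)."""
    results = {label: head_probe(url, ua) for label, ua in agents.items()}
    return results, differing_fields(results)
```

A non-empty list of differing fields means the server answers the two clients differently. Each probe is still a request the server sees, so a one-time link can be consumed by any of them.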

