|Follow-up on blog Tooms is diving into the Phish Tank|
After testing some more i have not been able to get the hit rate better, there is simply to much random things in the URLs for this to work well.
For this to get better then there most be some standards for what to do with random things like if the hostname in the URLs is detected as random then it will be change to the hostname random.domain.tld..
so URLs like this "http: // some.thing.domain.tld/" will be change to "http // random.domain.tld/"
So the idea need more work before it will be good.
In fact some years ago i had a homebuilt plug-in for mailsweeper there was matching URLs with a local database and the database fill with URLs from some honeypot accounts on the same server, it work well but the database got very big and it cost a lot of CPU time.. so it can work but need more work to build smart code there can detect for random things in the URLs... So the idea is not dead, maybe some day I will have a public plug-in there is matching URLs with a database.