
URLBody

Tracker: Bugs

5 Failing to reject urls in public blacklists - ID: 1864441
Last Update: Comment added ( rhogg )

Win2000
SpamPal v1.594
URLBody v0.06

URLBody does not appear to be rejecting email with URLs that are in the
blacklists. I have zen.spamhaus.org selected in the public blacklists which
reports three listings in SBL and one in PBL for the IP address in the
email. For example an email has the following http://www.theasdpoee.com
embedded in the text. Whois identifies this as 220.113.33.46 which is China
and China as a country is also blacklisted.


Robert ( rhogg ) - 2008-01-05 11:52

5

Open

None

Paul Wright

URLBody

None

Public


Comments ( 3 )

Date: 2008-01-05 17:03
Sender: rhogg


I have spent some time looking into this problem. Firstly, the web address
often contained in the spam emails does not resolve to an IP address but the
domain name is valid and is usually registered with ns-sky33.com. This
Chinese domain name server is known about but has changed its IP address
or is faking it somehow. I don't know how hard this would be to do or
whether it would be too slow but how about if a URL does not resolve to an
address then try a whois lookup. This still does give the IP address
because it is set up by a nasty but it does give the name server and this
could be looked up and blocked.


Date: 2008-01-05 12:38
Sender: rhogg


Yet others are handled correctly for example:
11:13:29 01/05/08 FETCHING: ("Lou Cano" <uecqwcv@botox.com>) Re: Gate
11:13:29 01/05/08 EMAIL ADDRESS: uecqwcv@botox.com
11:13:29 01/05/08 EMAIL ADDRESS: uecqwcv@botox.com
11:13:29 01/05/08 I.P. ADDRESS: 212.87.87.240 requires DNSBL queries
11:13:29 01/05/08 I.P. ADDRESS: 78.150.75.140 requires DNSBL queries
11:13:29 01/05/08 I.P. ADDRESS: 78.150.75.140 requires DNSBL queries
11:13:29 01/05/08 I.P. ADDRESS: 78.150.75.140 requires DNSBL queries
11:13:31 01/05/08 HOSTNAME: www.vulepolss.com (resolving)
11:13:31 01/05/08 SPAM: (SPAM ZEN 78.150.75.140) ("Lou Cano" <uecqwcv@botox.com>) Re: Gate



Date: 2008-01-05 12:23
Sender: rhogg


Here is the Spampal log:
11:13:56 01/05/08 FETCHING: ("Elsa Bonilla" <fveflwrqadab@br7uptx.com>) Re: Elsa
11:13:56 01/05/08 EMAIL ADDRESS: fveflwrqadab@br7uptx.com
11:13:56 01/05/08 EMAIL ADDRESS: fveflwrqadab@br7uptx.com
11:13:56 01/05/08 I.P. ADDRESS: 212.87.87.240 requires DNSBL queries
11:13:56 01/05/08 I.P. ADDRESS: 201.254.123.154 requires DNSBL queries
11:13:56 01/05/08 I.P. ADDRESS: 201.254.123.154 requires DNSBL queries
11:13:57 01/05/08 HOSTNAME: www.theasdpoee.com (resolving)
11:13:57 01/05/08 PASS: (PASS) ("Elsa Bonilla" <fveflwrqadab@br7uptx.com>) Re: Elsa

As you can see the hostname is looked up but it should be PASS failed
because that ip is returned on SBL etc.
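
The check this report expects, together with the name-server fallback suggested in the 17:03 comment, as an added example (not SpamPal or URLBody code). The function names, the `nameservers` hook and the sample DNS table are assumptions constructed for illustration; a real hook would be backed by a whois or NS lookup.

```python
import re
import socket

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def system_resolve(name):
    """A-record lookup via the OS resolver; None when the name does not resolve."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def dnsbl_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def check_body(body, zone, resolve=system_resolve, nameservers=lambda host: []):
    """Return (verdict, reason) for the URL hostnames found in a message body.

    resolve(name)     -> IPv4 string, or None if the name does not resolve.
    nameservers(host) -> name server hostnames for host's domain (hypothetical
                         hook; only consulted when host itself does not resolve).
    """
    hosts = sorted({h.lower().rstrip(".") for h in URL_HOST.findall(body)})
    for host in hosts:
        ip = resolve(host)
        # Normal path: check the host's own address. Fallback: check its name servers.
        targets = [(host, ip)] if ip else [(ns, resolve(ns)) for ns in nameservers(host)]
        for name, addr in targets:
            # Any A record returned for the DNSBL name means the address is listed.
            if addr and resolve(dnsbl_name(addr, zone)):
                return "SPAM", f"{name} ({addr}) listed in {zone}"
    return "PASS", "no URL host or name server listed"

# Constructed sample data (not real lookups): a fake DNS table and NS hook.
FAKE_DNS = {
    "ns.badhost.example": "192.0.2.46",
    "46.2.0.192.zen.example": "127.0.0.2",  # DNSBL entry for 192.0.2.46
    "www.clean.example": "198.51.100.7",
}

def fake_nameservers(host):
    return ["ns.badhost.example"] if host == "www.unresolved.example" else []

if __name__ == "__main__":
    body = "see http://www.unresolved.example now"
    print(check_body(body, "zen.example", FAKE_DNS.get))                    # PASS, as in the log above
    print(check_body(body, "zen.example", FAKE_DNS.get, fake_nameservers))  # SPAM via name server
```

Without the name-server hook the unresolvable host yields PASS, which matches the log in this report; with it, the listed name server address produces the SPAM verdict.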

