Hi all,
I don't know how new this trick is, but I've not seen it before -- the
spammer is using HTML tables to break up the message content. Also,
most of the interesting words are mis-spelled. It does at least hit
on HG_HORMONE.
(I've just noticed that it has both a "References" and an
"In-Rep
Yep, you're right, it's not new. This very behavior is the reasoning behind
the "GAPPY_TEXT" rule.
Unfortunately GAPPY_TEXT has issues which give it horrible statistics, thus
a low score...
From 2.43's STATISTICS.txt
OVERALL% SPAM% NONSPAM% S/ORANK SCORE NAME
1.4212.2331.2
On 02/06/03 07:30 PM, Martin Radford sat at the `puter and typed:
> Hi all,
>
> Well, this probably isn't a new trick, but it's the first time I've
> noticed it:
>
> Here is your chance to skip the embarrassing, time-consuming task of
> going to d.octor's appointments to try and get the p
Hi all,
Well, this probably isn't a new trick, but it's the first time I've
noticed it:
Here is your chance to skip the embarrassing, time-consuming task of
going to d.octor's appointments to try and get the p.rescription you
want. We're ready to Fedex your online v_i a g r_a p.rescrip
> -Original Message-
> From: Frank Pineau [mailto:[EMAIL PROTECTED]]
> Sent: Martes, 08 de Octubre de 2002 18:49
> To: Spamassassin List
> Subject: Re: [SAtalk] New spammer trick (aka: stupid browser trick)
>
>
> On Tue, 8 Oct 2002 14:37:57 -0700, you wrote
2002 4:06 PM
To: Spamassassin List
Subject: RE: [SAtalk] New spammer trick (aka: stupid browser trick)
It's just another form of decimal notation scam. I have a program in my palm
to convert just such little beasties :) Users with a clue somtimes use the
same aproach to defeat web filters. THey
show him
where the decimal and or hex IP goes to ;)
Chris
-Original Message-
From: Matthew Cline [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 08, 2002 7:13 PM
To: Spamassassin List
Subject: Re: [SAtalk] New spammer trick (aka: stupid browser trick)
On Tuesday 08 October 2002 02:10 pm,
On Tuesday 08 October 2002 02:10 pm, Theo Van Dinter wrote:
> I just got some spam that included an URL like:
>
> http:[EMAIL PROTECTED]
>
> Now, we all know the www.yahoo.com bit is a username, but the "hostname"
> threw me off. Sure enough, at least IE and Mozilla both convert the
> hex to IP.
On Tue, 8 Oct 2002 14:37:57 -0700, you wrote:
>| 0xD5.0xEF.0x8F.0x9D
>
>resolves to www.amsterdamcash.com (213.239.143.157)
>
>It scares me to think that spammers might be starting to evolve into having
>the same intelligence level as a human.
This trick's been going on for years, but this is th
On Tuesday 08 October 2002 23:10 CET Theo Van Dinter wrote:
> I just got some spam that included an URL like:
>
> http:[EMAIL PROTECTED]
>
> Now, we all know the www.yahoo.com bit is a username, but the "hostname"
> threw me off. Sure enough, at least IE and Mozilla both convert the
> hex to IP.
| 0xD5.0xEF.0x8F.0x9D
resolves to www.amsterdamcash.com (213.239.143.157)
It scares me to think that spammers might be starting to evolve into having
the same intelligence level as a human.
---
This sf.net email is sponsored by:ThinkGeek
We
I just got some spam that included an URL like:
http:[EMAIL PROTECTED]
Now, we all know the www.yahoo.com bit is a username, but the "hostname"
threw me off. Sure enough, at least IE and Mozilla both convert the
hex to IP. Stupid browsers.
--
Randomly Generated Tagline:
Quiet, you kids! If
12 matches
Mail list logo
