On Thu, Mar 09, 2006 at 10:05:15AM -0500, Kevin A. McGrail wrote:
> However, this rule does trigger on the technique I sent. I want to work on
> the nested anchor idea as well but in the meantime, I'd like to hear
> feedback on this trigger. It seemed REALLY spammy to me. Anyone get any
> hit
I ran the rule below through the NightlyMassCheck with a 0 HAM hit and a 0
SPAM hit on those corpuses so the technique might not be very prevalent.
However, this rule does trigger on the technique I sent. I want to work on
the nested anchor idea as well but in the meantime, I'd like to hear
f
On Wednesday 08 March 2006 21:57, jdow wrote:
>From: "Kenneth Porter" <[EMAIL PROTECTED]>
>
>> --On Wednesday, March 08, 2006 8:40 PM -0500 Theo Van Dinter
>>
>> <[EMAIL PROTECTED]> wrote:
>>> Not in SA proper. For curiosity sake, I wrote up a quick rule to
>>> test it out:
>>>
>>> MSECSSPAM%
On Wed, Mar 08, 2006 at 06:46:41PM -0800, Kenneth Porter wrote:
> > 1.400 1.0852 3.17810.255 0.001.00 TVD_NESTED_ANCHOR
> What MUA generates all the FP's?
I already deleted the results, but there were a lot of newsletters.
People are sloppy when they write html, leave an anchor tag
From: "Kenneth Porter" <[EMAIL PROTECTED]>
--On Wednesday, March 08, 2006 8:40 PM -0500 Theo Van Dinter
<[EMAIL PROTECTED]> wrote:
Not in SA proper. For curiosity sake, I wrote up a quick rule to test
it out:
MSECSSPAM% HAM% S/ORANK SCORE NAME
027920 4940
--On Wednesday, March 08, 2006 8:40 PM -0500 Theo Van Dinter
<[EMAIL PROTECTED]> wrote:
Not in SA proper. For curiosity sake, I wrote up a quick rule to test
it out:
MSECSSPAM% HAM% S/ORANK SCORE NAME
027920 49400.850 0.000.00 (all messages)
1.400
On Wed, Mar 08, 2006 at 04:25:40PM -0800, Kenneth Porter wrote:
> >It's an interesting use, but I don't believe it would confuse
> >SpamAssassin, etc. The second URI should be visible enough to be
> >checked, and I added the IP to ph.surbl.org.
>
> Is there an SA rule that checks for nested ancho
--On Wednesday, March 08, 2006 2:24 PM -0800 Jeff Chan <[EMAIL PROTECTED]>
wrote:
It's an interesting use, but I don't believe it would confuse
SpamAssassin, etc. The second URI should be visible enough to be
checked, and I added the IP to ph.surbl.org.
Is there an SA rule that checks for ne
On Wednesday 08 March 2006 12:14, Kevin A. McGrail wrote:
>A co-worker of mine just pointed this out to me today. He tested it
> in Thunderbird and I tested it in OE6. It warrants serious
> attention.
>
>Ignoring the munged part, this would trick a very savvy internet user
> that allows HTML emai
On Wednesday, March 8, 2006, 9:14:57 AM, Kevin McGrail wrote:
> A co-worker of mine just pointed this out to me today. He tested it in
> Thunderbird and I tested it in OE6. It warrants serious attention.
> Ignoring the munged part, this would trick a very savvy internet user that
> allows HTML e
A co-worker of mine just pointed this out to me today. He tested it in
Thunderbird and I tested it in OE6. It warrants serious attention.
Ignoring the munged part, this would trick a very savvy internet user that
allows HTML email, clicks on a link and doesn't check the browser address
line.
An
11 matches
Mail list logo
