Hello Robin,

RW> Indeed.  From now on such messages have a one-way ticket to
RW> the spam pit:

RW>   score BASE64-ENC-TEXT  100.0

Hmm, given Alain's comments, it might be better to simply
assign a score close to the default spam threshold for your
system, for reasons I will detail below.

RW> The default scoring at http://spamassassin.org/tests.html strikes me as
RW> rather low, unless there really are legitimate messages being sent with
RW> base-64 encoding:

There ARE some legit uses for the base 64 encoding, but it's
not common. It's a way of encoding a binary attachment so it
can be incorporated within a text message, as opposed to
being read as a separate attachment. It is not needed for a
standard HTML image - that is, you can send email with
pictures in it without having to resort to base 64 encoding
- but the point is that it can be done. I just happen to not
have seen any legit emails come my way using that.

RW> Does anyone know of a single non-spam message which is sent this way?
RW> What software, other than that of spammers, would generate such messages?

Alain pointed out that a certain abomination called
Incredimail does this, but I have a solution:  You can
download the email client for free at
http://www.incredimail.com/ - and then send a test message
from it to see what unique headers it may generate
(presumably something like "X-Mailer: Incredimail" - but
you'd have to see a real mail to figure it out). Then you
can simply create your own counter rule, subtracting a
couple of points for the Incredimail program -- assuming
that isn't a program that does mass UCE mailing as well.

Actually what SA is doing to come up with the BASE64 tag is
this:
eval:check_for_mime('mime_base64_encoded_text')

Perhaps if Base 64 encoding becomes more prevalent for legit
uses, then SA will have to have a routine built in to parse
out the Base 64 mail for actual content, but then of course
the spammers will be up to new tricks.


RW> I will regard the use of base-64 encoding for
RW> text or HTML as a 100% sure indicator that the message is spam.

I wouldn't say 100% sure, more like 95% sure. That's why I
would suggest scoring it in a way that it could be
counter-acted by whitelisting and negative points you could
assign for indications of legit mail.


-Abigail
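
The scoring approach suggested in this message, as an added example that is not part of the original post and not SpamAssassin's own code: text sent with base64 transfer encoding scores just under the threshold, and a separate header rule subtracts points for a known client. The threshold, both scores and the X-Mailer pattern are assumptions, and the sample messages are constructed.

```python
# Added illustration; threshold, scores and the X-Mailer pattern are assumptions.
import base64
import re
from email import message_from_string

THRESHOLD = 5.0            # assumed local spam threshold
BASE64_TEXT_SCORE = 4.5    # close to, but below, the threshold
MAILER_OFFSET = -2.0       # hypothetical counter rule for a known client
MAILER_RE = re.compile(r"incredimail", re.I)  # assumed header value

def base64_text_parts(msg):
    """Return content types of text/* parts sent with base64 transfer encoding."""
    hits = []
    for part in msg.walk():
        cte = str(part.get("Content-Transfer-Encoding", "")).strip().lower()
        if part.get_content_maintype() == "text" and cte == "base64":
            hits.append(part.get_content_type())
    return hits

def score(raw, other_points=0.0):
    """Score a raw message; other_points stands in for every other rule's total."""
    msg = message_from_string(raw)
    total = other_points
    if base64_text_parts(msg):
        total += BASE64_TEXT_SCORE
    if MAILER_RE.search(str(msg.get("X-Mailer", ""))):
        total += MAILER_OFFSET   # the counter rule fires on the header alone
    return total, total >= THRESHOLD

def make_sample(x_mailer=None, encode=True):
    """Build a constructed text/html message, base64 encoded unless encode=False."""
    html = "<html><body>Hello</body></html>"
    headers = ["From: sender@example.com", "Subject: constructed sample",
               "MIME-Version: 1.0", "Content-Type: text/html; charset=us-ascii"]
    if encode:
        headers.append("Content-Transfer-Encoding: base64")
        html = base64.b64encode(html.encode()).decode()
    if x_mailer:
        headers.append("X-Mailer: " + x_mailer)
    return "\n".join(headers) + "\n\n" + html + "\n"

if __name__ == "__main__":
    print(score(make_sample()))                    # base64 alone stays under
    print(score(make_sample(), other_points=1.0))  # one more point tips it over
    print(score(make_sample("IncrediMail (constructed)"), other_points=1.0))
```

With a score of 100.0 in place of 4.5, neither the counter rule nor a whitelist entry of a few points could bring the total back under the threshold.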


