wouldn't want to filter out arlsoft. And the villain's domain is valodata today,
but could be anything tomorrow. What I was looking for was a way to
increase the X-SpamScore of any email which contained a tag which when
executed would send the email recipient's address back to some server.
Hardcoding a string so that I ([EMAIL PROTECTED]) am the only victim protected
would be much too specific. As Mathew rightly pointed out, a smart
spammer could easily get around my proposed solution by including an
obfuscated form of the recipient's address as part of the value of the
src= attribute of the <img> tag. On the other hand, I would argue that
not all spammers are that smart, and it wouldn't hurt to allow SpamAssassin
to identify the dumb ones.
Mark
Tony Earnshaw wrote:
Mathew Hendry wrote:
That's a very old trick. SpamAssassin is not the program to defeat it though.
Not exactly. Probably unique to this message, but make a rule to filter uri arlsoft or valodata and give that enough points.
save Mark's ">" commented stuff, then:
vi mark :g/ >/s///g
local.cf:
uri ARL /(arlsoft|valodata)/i describe ARL SystemAddition: ARLSOFT score ARL 10.0
Like "it works for me."
Drawbacks: nothing to do with any image. And next time it will be something else, but neither arlsoft nor valodata uris will ever make it again. Pity for the real arlsoft and/or valodata.
Or as I've suggested before, have SA analyse and learn from images on porn sites. Something for the developers to do in their spare time ;)
Tony
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
