On Wed, 2 Jul 2003, Jim Ford wrote:

> On Wed, Jul 02, 2003 at 10:31:30PM +0200, Kai Schaetzl wrote:
>
> > no "extra". There is no difference in text/plain or HTML text advertising, so
> > why should one try to match in mixed text and markup? I think this has also
> > been discussed here some weeks ago. Don't remember the outcome or if it has
> > already been done in SA to some extent.
>
> If spam with eg 'pen<frame></frame>is enlarge<frame></frame>ment' is
> slipping through as has previously been mentioned, then it can't have been
> done in SA yet.
>
> If email is filtered in procmail with '| sed s/<frame><\/frame>//g' before
> passing it to SA, it should get caught. I'm looking forward to receiving
> spam using this technique so I can try it out. (Ironic - looking forward to
> receiving spam 8^/ )
>
> Regards: Jim Ford

Jim, here's a snippet from an actual spam to illustrate what they did.
Note that the spammer is using the technique to imbed garbage in the
middle of a 'hot' word to try to prevent its recognition. So they're
depending upon the browser rendering to hide the garbage so that the
customer/victim gets the message.

  <br>Via<frame><noframes>4zxqf</noframes></frame>gra as low as

So you see that the simple-minded sed stripping won't work here.
You need the actual browser rendering logic to remove the garbage.
I've seen other spam use random nonsense "HTML tags" (i.e. <random-stuff>)
imbedded in spam "hot words" to do a similar stunt.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{
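
The difference between the quoted sed substitution and rendering-aware stripping, as an added example (not part of the original post and not SpamAssassin's code): a small Python extractor that approximates browser rendering by dropping tags without inserting whitespace and discarding the content of elements a browser does not display. The HIDDEN and BREAKING tag lists, the function names and the nonsense-tag sample are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

# Assumed lists for this example, not a complete model of any browser.
HIDDEN = {"noframes", "script", "style", "head", "title"}   # content not displayed
BREAKING = {"br", "p", "div", "td", "tr", "li", "hr"}       # tags that separate words

class VisibleText(HTMLParser):
    """Collect only the text a frames-capable browser would display."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.hidden_depth = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in HIDDEN:
            self.hidden_depth += 1
        elif tag in BREAKING:
            self.out.append(" ")   # other tags, known or nonsense, add nothing
    def handle_endtag(self, tag):
        if tag in HIDDEN and self.hidden_depth:
            self.hidden_depth -= 1
        elif tag in BREAKING:
            self.out.append(" ")
    def handle_data(self, data):
        if not self.hidden_depth:
            self.out.append(data)

def visible_text(html):
    parser = VisibleText()
    parser.feed(html)
    parser.close()  # flush text buffered after the last tag
    return re.sub(r"\s+", " ", "".join(parser.out)).strip()

def sed_strip(html):
    # Same substitution as the procmail sed filter quoted in the thread.
    return html.replace("<frame></frame>", "")

def strip_all_tags(html):
    return re.sub(r"<[^>]*>", "", html)

HOT_WORD = re.compile(r"\bviagra\b", re.IGNORECASE)
def is_hit(text):
    return HOT_WORD.search(text) is not None

SAMPLE = "<br>Via<frame><noframes>4zxqf</noframes></frame>gra as low as"  # from the post
RANDOM_TAG = "Via<qzx-17>gra"  # constructed sample of a nonsense tag

if __name__ == "__main__":
    for name, fn in [("sed", sed_strip), ("all tags", strip_all_tags), ("rendered", visible_text)]:
        print(f"{name:9} {fn(SAMPLE)!r:62} hit={is_hit(fn(SAMPLE))}")
```

Deleting every tag with a regex still leaves the `noframes` filler inside the word, so only the rendering-aware pass rejoins the hot word for matching.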


