All,

Is it safe to say that no legitimate email would try and hide a URI in the
body of a message by using the hex equivalent of the link?

It seems to me that is the case.

if so, I would like to write a rule that detects the use of this tactic.

Also, is it possible for SA to detect attachments?  if so, I don't want to
block based on these attachments, however, I would like to build a meta rule
that incorporates a message that includes a hex-URI AND has an image
attachment...

these are the only guys getting throught consistently right now...


CT



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to